mastouille.fr is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastouille is a sustainable, open Mastodon instance hosted in France.

#regresshion

Renaud Lifchitz: NoLimitSecu podcast - Episode #465 on the #RegreSSHion #vulnerability, which allows remote code execution in #OpenSSH
https://www.nolimitsecu.fr/regresshion/
IT News: This Week in Security: Blast-RADIUS, Gitlab, and Plormbing - The RADIUS authentication scheme, short for “Remote Authentication Dial-In User Se... - https://hackaday.com/2024/07/12/this-week-in-security-blast-radius-gitlab-and-plormbing/
#thisweekinsecurity #hackadaycolumns #securityhacks #blastradius #regresshion #news
ADMIN magazine: Researchers at Qualys Threat Research Unit find critical OpenSSH vulnerability in glibc-based Linux systems https://www.admin-magazine.com/News/Critical-OpenSSH-Vulnerability-Affects-Linux-Systems
#OpenSSH #vulnerability #Linux #patch #regreSSHion
AlmaLinux: Like with last week's #regreSSHion patch, this week we are again patching OpenSSH ahead of our upstream to keep our users secure. https://almalinux.org/blog/2024-07-09-cve-2024-6409/ #linux #security
Alex Ivanovs: RHEL 9 OpenSSH packages affected by remote code execution flaw
https://stackdiary.com/rhel-9-openssh-packages-affected-by-remote-code-execution-flaw/
#OpenSSH #Vulnerability #RHEL9 #Security #CyberSecurity #CVE20246409 #RemoteCodeExecution #Linux #Fedora #RaceCondition #SIGALRM #Exploit #PatchManagement #Mitigation #Infosec #Threat #Hackers #Bug #Malware #Glitch #Audit #Syslog #Update #Enterprise #LinuxSecurity #NetworkSecurity #ServerSecurity #CyberThreat #SystemAdmin #TechNews #CVE #Mitre #NIST #OpenSource #DevOps #regreSSHion
IT News: This Week in Security: Hide Yo SSH, Polyfill, and Packing It Up - The big news this week was that OpenSSH has an unauthorized Remote Code Execution ... - https://hackaday.com/2024/07/05/this-week-in-security-hide-yo-ssh-polyfill-and-packing-it-up/
#thisweekinsecurity #hackadaycolumns #securityhacks #regresshion #news #ssh
b00010111: I would not limit the sigma rule to the standard installation path. I don't see it impossible that some more complex installations bring openssh at a custom path. (Or installation of portable Openssh from source?) If I would go for hunting, I would like to avoid that risk by first checking from which locations an sshd is running. But the rest of the rule is good to bring over the idea and also limitations (false positives) of that approach.
https://www.magonia.io/blog/detecting-regresshion-cve-2024-6387-guide
#regreSSHion #linux #DFIR #threathunting
PrivacyDigest: “RegreSSHion” #vulnerability in #OpenSSH gives attackers root on #Linux
#RegreSSHion
https://arstechnica.com/?p=2035011
Víctor A. Rodríguez: @arstechnica Some scripting to detect vulnerable #regreSSHion #OpenSSH version and patch sshd config by LoginGraceTime
sed -i 's/.*LoginGraceTime.*/LoginGraceTime 0/' /etc/ssh/sshd_config
https://gitlab.com/bit-man/os-mindset/-/raw/master/lib/debian/regreSSHion?ref_type=heads
Royce Williams: Question about the OpenSSH vuln:
Do all the attempts have to come from a single connection?
Or could attack be distributed across a fleet of source IPs (impacting effectiveness of fail2ban, etc.)
#RegreSSHion #OpenSSH #cve_2024_6387
Genma: a critical flaw in #openssh called #regreSSHion
Me when I go to update my servers to patch... Who gets the reference?
Adi'Vaala vas Miðgarðr 👨🏼‍💻: #regreSSHion 🙃
Nizar Kerkeni 🇹🇳 نزار القرقني: Regresshion: a critical flaw in OpenSSH affects millions of servers
https://www.lemondeinformatique.fr/actualites/lire-regresshion-une-faille-critique-dans-openssh-touche-des-millions-de-serveurs-94164.html
#OpenSSH #Regresshion #Sécurité
Hyde 📷 🖋: #Openssh fix applied!
https://security-tracker.debian.org/tracker/CVE-2024-6387
#SSH #regresshion
Jan Wildeboer 😷: If you run RHEL (Red Hat Enterprise Linux) 6, 7 or 8 you are NOT affected by the new vulnerability in the #OpenSSH daemon known as CVE-2024-6387.
If you run RHEL 9 you should set
LoginGraceTime 0
in /etc/ssh/sshd_config until a fix is released. More details at https://access.redhat.com/security/cve/CVE-2024-6387
For a list of references on how this is being handled at many other places: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387
#RedHat #RHEL #Security #regresshion
Avoid the Hack!: #regreSSHion: Remote Unauthenticated Code Execution #Vulnerability in OpenSSH server
This one is for my sysadmins out there... or really, anyone who runs/manages a server with sshd facing the internet.
"The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration."
Long story short: successful exploitation could lead to full system compromise.
This affects OpenSSH versions older than 4.4p1 and versions _between_ 8.5p1 and 9.8p1.
Note that some #Linux distros (current versions of RHEL 7 and RHEL 8) are unaffected. Most distros have updates available. Update ASAP.
If updating is not possible, you can set LoginGraceTime in /etc/ssh/sshd_config to 0. This comes with the risk of making the sshd server vulnerable to denial of service.
#openssh #ssh #security #cve #cybersecurity #infosec
regreSSHion is tracked as CVE-2024-6387.
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server#automatically-patch-regresshion-vulnerability-with-qualys-patch-management
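Added example, not taken from any of the posts or from the linked script: a shell sketch of the two steps the posts above describe, checking a version string against the ranges quoted for CVE-2024-6387 and applying the `LoginGraceTime 0` workaround so that it also takes effect when the directive is missing or written as `keyword=value`, which the one-line `sed` does not cover. Function names are hypothetical, the range is read as 8.5p1 inclusive to 9.8p1 exclusive, and a version in range only means "check the distro advisory", since distributions backport fixes without changing the upstream version.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the posts or OpenSSH.

# ver_key VERSION -> integer sort key. Accepts "8.9p1" or a full banner such
# as "OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2" (constructed sample).
ver_key() {
    v=${1#OpenSSH_}
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%p*}
    case $rest in
        *p*) patch=${rest#*p} ;;
        *)   patch=0 ;;
    esac
    minor=${minor%%[!0-9]*}      # drop anything after the digits
    patch=${patch%%[!0-9]*}
    echo $(( $major * 10000 + ${minor:-0} * 100 + ${patch:-0} ))
}

# classify_version VERSION -> affected-legacy | affected | not-in-range
# Ranges as quoted in the post: older than 4.4p1, and 8.5p1 up to (not
# including) 9.8p1. Backported distro fixes are NOT visible here.
classify_version() {
    k=$(ver_key "$1")
    if [ "$k" -lt 40401 ]; then
        echo affected-legacy
    elif [ "$k" -ge 80501 ] && [ "$k" -lt 90801 ]; then
        echo affected
    else
        echo not-in-range
    fi
}

# active_grace_lines FILE -> number of uncommented LoginGraceTime directives.
active_grace_lines() {
    awk '{ l = $0; sub(/^[ \t]+/, "", l); split(l, f, /[ \t=]+/) }
         tolower(f[1]) == "logingracetime" { c++ }
         END { print c + 0 }' "$1"
}

# set_login_grace_zero FILE
# sshd uses the first value it reads for a keyword, and anything after a
# Match line belongs to that block, so the directive is written as the first
# line of the file. Other active LoginGraceTime lines are commented out.
# A one-time backup is kept as FILE.bak; re-running changes nothing.
set_login_grace_zero() {
    cfg=$1
    [ -f "$cfg" ] || return 1
    tmp=$(mktemp "${cfg}.XXXXXX") || return 1
    {
        echo 'LoginGraceTime 0'
        awk '{
            l = $0; sub(/^[ \t]+/, "", l)
            n = split(l, f, /[ \t=]+/)
            if (tolower(f[1]) == "logingracetime") {
                # keep old values visible but inactive; drop our own line
                if (f[2] != "0" || n > 2) print "#" $0
                next
            }
            print
        }' "$cfg"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    [ -e "${cfg}.bak" ] || cp -p "$cfg" "${cfg}.bak" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$cfg"          # overwrite in place: keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Validate the edited file with `sshd -t` before reloading the daemon, and confirm the value in effect with `sshd -T`.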
Greg Slepak: Just noticed that @fedora doesn't have the fix for the latest serious #ssh exploit yet. Anyone know when the fix will make it in?
https://news.ycombinator.com/item?id=40843778 #regresshion
#linux #fedora #sshd #openssh /cc @decathorpe
jbz: 'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems
「 They have named this vulnerability "regreSSHion", since it represents the re-emergence of a bug that was previously patched in 2006 (CVE-2006-5051). It is described as "critical" 」
#OpenSSH #regreSSHion #CVE20065051 #SSH #Vulnerability #Infosec #Opensource
https://www.computing.co.uk/news/4329906/critical-vulnerability-openssh-uncovered-affects-linux-systems
Ed W8EMV: I don't see an #openssh #regreSSHion bug listed in the @almalinux "product errata" tracker (yet?).
https://errata.almalinux.org/
Mad A. Argon: Just updated my server to get rid of #ssh #vulnerability... This is the first time I really feel "being a sysadmin even after work".
Self-hosters here, check your servers!
#openssh #regresshion