harrysintonen , 1 day ago to random

Remote Unauthenticated Code Execution #Vulnerability in #OpenSSH server

Affected versions:

• OpenSSH versions earlier than 4.4p1
• Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable
• Versions from 8.5p1 up to, but not including, 9.8p1

Details:

• https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
• https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

scy , 3 months ago to random

Eek. Apparently liblzma (part of the xz package) has a backdoor in versions 5.6.0 and 5.6.1, causing SSH to be compromised.

https://www.openwall.com/lists/oss-security/2024/03/29/4

This might even have been done on purpose by the upstream devs.

Developing story, please take with a grain of salt.

The 5.6 versions are somewhat recent, depending on how bleeding edge your distro is you might not be affected.

#liblzma #xz #lzma #backdoor #ITsecurity #OpenSSH #SSH

wurzelmann , 1 day ago to random German

Leute, patcht euer openSSH, es gibt da eine grausliche Schwachstelle gerade:

https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

#openSSH #SSH #Linux

raptor , 1 day ago to random

Qualys does it again!

#regreSSHion: #RCE in #OpenSSH's server, on glibc-based #Linux systems
(CVE-2024-6387)

https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt