On 7/25/23 03:43, Rob via Dng wrote:
>
>
>
>
> Sent from ProtonMail, encrypted email based in Switzerland.
>
>
> ------- Original Message -------
> On Monday, July 24th, 2023 at 17:44, Alif "al1r4d" Radhitya Wardana <alif@???> wrote:
>
>
>> I have a problem: keyboard and mouse don't work when I run dwm (xorg).
>>
>> If in a TTY environment, there is no keyboard and mouse issue.
>>
>> Previously I did an update and it left me with a problem: I can't open
>> Thunar (I forgot the version, just the latest according to the
>> repository).
>>
>> Does thunar's problem have anything to do with this new problem?
>>
>> --
>> ~al1r4d/radhitya <radhitya.org>
>
> There was a email the other day https://lists.dyne.org/lurker/message/20230722.143430.f07d6361.en.html
>
> Downgrade package libgudev-1.0-0 to 237-2 in TTY with
> dpkg -i /var/cache/apt/archives/libgudev-1.0-0_237-2_amd64.deb
>
> The second message in the thread describes pinning the version.
>
> Rob

I was thinking of this one, note the "Potentially-incompatible changes":

OpenSSH 9.3p2 (2023-07-19)

OpenSSH 9.3p2 was released on 2023-07-19. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html

Changes since OpenSSH 9.3
=========================

This release fixes a security bug.

Security
========

Fix CVE-2023-38408 - a condition where specific libaries loaded via
ssh-agent(1)'s PKCS#11 support could be abused to achieve remote
code execution via a forwarded agent socket if the following
conditions are met:

* Exploitation requires the presence of specific libraries on
the victim system.
* Remote exploitation requires that the agent was forwarded
to an attacker-controlled system.

Exploitation can also be prevented by starting ssh-agent(1) with an
empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring
an allowlist that contains only specific provider libraries.

This vulnerability was discovered and demonstrated to be exploitable
by the Qualys Security Advisory team.

In addition to removing the main precondition for exploitation,
this release removes the ability for remote ssh-agent(1) clients
to load PKCS#11 modules by default (see below).

Potentially-incompatible changes
--------------------------------

  * ssh-agent(8): the agent will now refuse requests to load PKCS#11
    modules issued by remote clients by default. A flag has been added
    to restore the previous behaviour "-Oallow-remote-pkcs11".

    Note that ssh-agent(8) depends on the SSH client to identify
    requests that are remote. The OpenSSH >=8.9 ssh(1) client does
    this, but forwarding access to an agent socket using other tools
    may circumvent this restriction.

- Clarke