:: Re: [DNG] CVE-2024-6387: regreSSHio…
Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Martin Steigerwald
Fecha:  
A: dng
Temas antiguos: [DNG] CVE-2024-6387
Asunto: Re: [DNG] CVE-2024-6387: regreSSHion bug in OpenSSH
Simon Walter - 02.07.24, 07:40:41 CEST:
> Is this fixed upstream already?


Like mentioned on the Debian CVE page, mentioned by Ludovic, I suppose yes.

However the updated packages currently work around the issue:

openssh (1:9.7p1-7) unstable; urgency=critical

  [ Salvatore Bonaccorso ]
  * Disable async-signal-unsafe code from the sshsigdie() function.  This is
    a minimal workaround for a regression from CVE-2006-5051.


-- Colin Watson <[…]> Mon, 01 Jul 2024 10:11:27 +0100

Best,
--
Martin