:: Re: [DNG] CVE-2024-6387: regreSSHio…
Góra strony
Delete this message
Reply to this message
Autor: Martin Steigerwald
Data:  
Dla: dng
Stare tematy: [DNG] CVE-2024-6387
Temat: Re: [DNG] CVE-2024-6387: regreSSHion bug in OpenSSH
Simon Walter - 02.07.24, 07:40:41 CEST:
> Is this fixed upstream already?


Like mentioned on the Debian CVE page, mentioned by Ludovic, I suppose yes.

However the updated packages currently work around the issue:

openssh (1:9.7p1-7) unstable; urgency=critical

  [ Salvatore Bonaccorso ]
  * Disable async-signal-unsafe code from the sshsigdie() function.  This is
    a minimal workaround for a regression from CVE-2006-5051.


-- Colin Watson <[…]> Mon, 01 Jul 2024 10:11:27 +0100

Best,
--
Martin