[ShadowAce]

According to the OpenSSH team and its release notes for version 9.8, which includes the fix for CVE-2024-6387, in lab conditions it took between six and eight hours to beat the race condition.

[ShadowAce]

[algore]

OH SSHit

[butterdezillion]

This was what my son was frantically trying to figure out last night when a tornado warning sent us into the basement. He’s worked so hard to set up our secure server and just like that he had to figure out how to keep it secure.

[ShadowAce]

Since I posted this a few minutes ago, I checked my available updates, and my distro already has the newest package ready to DL with the fix.

I love Open Source!

[Gene Eric]

Yet another reason to restrict network access to a sshd endpoint.

[Carriage Hill]

Ping...

[Dead Corpse]

Well..... That’s not good.

[dayglored]

The Register tends to get a little breathless about vulns. This one is very difficult to exploit, but you have to read deep into the article to discover that. Oh well, they deserve the clicks...

[steve86]

I run OpenSUSE 15.5. Here is their statement:

“Only SUSE Linux Enterprise 15 SP6, SUSE Linux Micro 6.0, openSUSE Leap 15.6 and openSUSE Tumbleweed were affected by this problem.”

[9YearLurker]

Not in the Windple duopoly?

We’ll get you, our little pretties!