Subj : Serious vulnerability fixed with OpenSSH 9.8
To   : All
From : LWN.net
Date : Mon Jul 01 2024 14:00:05

Serious vulnerability fixed with OpenSSH 9.8

Date:
Mon, 01 Jul 2024 12:53:18 +0000

Description:
OpenSSH 9.8 has been
released, fixing an ugly vulnerability: Successful exploitation has been 
demonstrated on 32-bit Linux/glibc
	systems with ASLR. Under lab conditions, the attack requires on
	average 6-8 hours of continuous connections up to the maximum the
	server will accept. Exploitation on 64-bit systems is believed to
	be possible but has not been demonstrated at this time. It's likely
	that these attacks will be improved upon. Exploitation on non-glibc 
systems is conceivable but has not been
	examined. There is a
configuration workaround for systems that cannot be updated, though it
has its own problems.  See this Qualys
advisory for more details.

======================================================================
Link to news story:
https://lwn.net/Articles/980211/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.