ireneista
@ireneista

annoying :)

we do think it would be challenging to exploit in practice, which might affect your sense of urgency, but you should err on the side of updating before you forget


DecayWTF
@DecayWTF

This one's not as bad as the last big compromise but the vulnerability has been in ssh much longer so:

  • If you are running Linux, update your system.
  • If you are running WSL or macOS and have installed OpenSSH, update WSL or homebrew respectively
  • FreeBSD may not be vulnerable but the project has issued patches out of an abundance of caution, so update
  • OpenBSD is safe and is in fact sort of the reason for the vulnerability, lol, lmao
  • Other systems, idk, hope you know what you're doing running OpenSSH on AmigaOS or Haiku or whatever


in reply to @DecayWTF's post:

"OpenBSD is safe and is in fact sort of the reason for the vulnerability"

I thought they were the ones who created OpenSSH? I probably am wrong tho.

I'm curious about what I quoted, enough to comment, but not enough to research it :eggbug-tuesday:

They are, the disclosure explains it but basically the vulnerability is because OpenSSH has a safety feature available in OpenBSD that isn't there in other systems:

OpenBSD is notably not vulnerable, because its
SIGALRM handler calls syslog_r(), an async-signal-safer version of
syslog() that was invented by OpenBSD in 2001.
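
The signal-safety issue the quoted disclosure refers to, as an added example that is not part of the thread and is not OpenSSH's code: on systems without syslog_r(), the portable pattern is a SIGALRM handler that only sets a flag, with syslog() called later from normal context. The function names and log message are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* volatile sig_atomic_t is the object type that is safe to write in a handler. */
static volatile sig_atomic_t timer_expired = 0;

/* Unsafe shape, shown for contrast and never installed here: syslog() is not
 * on the POSIX async-signal-safe list, so if the signal interrupts the main
 * program at the wrong moment, shared internal state can be left inconsistent. */
void unsafe_alarm_handler(int sig) {
    (void)sig;
    syslog(LOG_INFO, "timer expired");
}

/* Safe shape: record the event and return immediately. */
static void safe_alarm_handler(int sig) {
    (void)sig;
    timer_expired = 1;
}

/* Install the safe handler and arm the timer. Returns 0 on success. */
int arm_timer(unsigned int seconds) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_alarm_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0)
        return -1;
    timer_expired = 0;
    alarm(seconds);
    return 0;
}

/* Called from the main loop, so the logging runs in normal context.
 * Returns 1 if the timer had fired and a message was logged, else 0. */
int log_if_expired(void) {
    if (!timer_expired)
        return 0;
    syslog(LOG_INFO, "timer expired");
    return 1;
}
```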