RegreSSHion Mitigation Debian Stable?
RegreSSHion Mitigation Debian Stable?
I'm running a few Debian stable systems that are up to date on patches.
But I just ran ssh -V and the OpenSSH version listed is "OpenSSH_9.2p1 Debian-2+deb12u3" which as I understand is still vulnerable.
Am I missing something or am I good?
Never mind, found the Debian security bulletin, my version is patched already.
Leaving this here for any other newbies that might be wondering.
Sorry, all!
33 0 Reply"oh but Debian only has old stuff" , yeah sure. :P
7 5 ReplyThey patch stuff like this fast because it's a remote exploit. Local privilege escalation exploits are fixed much slower.
2 0 ReplyLTS means security fixes, but little else if any. good luck if you need a feature that came out a year ago it's not in the repo yet
1 1 Reply
That version has been patched.
16 0 ReplyPoC on 32 bit requires thousands of authentication attempts, so any sane firewall should protect you against it already. Afaik there isnt any for 64 bit
5 1 Reply