I’m running a few Debian stable systems that are up to date on patches.

But I just ran ssh -V and the OpenSSH version listed is “OpenSSH_9.2p1 Debian-2+deb12u3” which as I understand is still vulnerable.

Am I missing something or am I good?

  • Lettuce eat lettuce@lemmy.mlOP
    link
    fedilink
    arrow-up
    34
    ·
    4 months ago

    Never mind, found the Debian security bulletin, my version is patched already.

    Leaving this here for any other newbies that might be wondering.

    Sorry, all!

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        They patch stuff like this fast because it’s a remote exploit. Local privilege escalation exploits are fixed much slower.

        • TCB13@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          4 months ago

          I know, I know, but trust me that a lot of people believe that they don’t issue security patches fast.

      • Mactan@lemmy.ml
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        4 months ago

        LTS means security fixes, but little else if any. good luck if you need a feature that came out a year ago it’s not in the repo yet

  • uiiiq@lemm.ee
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    4 months ago

    PoC on 32 bit requires thousands of authentication attempts, so any sane firewall should protect you against it already. Afaik there isnt any for 64 bit