'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems
Do you feel lucky F(reeBSD)unk ?
)))
Do you feel lucky F(reeBSD)unk ?
gitup release
cd /usr/src/secure/lib/libssh
make all
make install
service sshd restart
So what's the deal with that glibc-only talk?
gitup release
cd /usr/src/secure/usr.sbin/sshd
make all
make install
service sshd restart
"This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions ... We have not investigated any other libc or operating system; but OpenBSD is notably not vulnerable, because its SIGALRM handler calls syslog_r(), an async-signal-safer version of syslog() that was invented by OpenBSD in 2001."
10966 - IsJ 0:00.00 sshd: /usr/sbin/sshd [listener] 0 of 5-5 startups (