Hi Andy,

Thank you very much for the heads-up!

Regards,
Jan Henkins


On 1 July 2024 16:24:36 BST, Andy Smith via BitFolk Users <users@mailman.bitfolk.com> wrote:
Hi,

An unauthenticated remote root exploit has been discovered in SSH,
including in versions shipped by Debian stable and newer, and most
other up to date Linux distributions.

https://security-tracker.debian.org/tracker/CVE-2024-6387

Please make sure you have applied the necessary upgrades.

If for some reason you are unable to apply an upgrade, the issue can
be mitigated by setting LoginGraceTime to 0 in /etc/ssh/sshd_config.

This will make it easier for people to tie up all connection slots,
denying access to legitimate connections, but does avoid the remote
root exploit.

Thanks,
Andy