I've done the upgrade on a home machine and two servers (one of them a
Bitfolk VPS) without problems, all Debian 12.
Did you do an apt update first?
Also, I always use
apt-get upgrade
without specifying the package name, to make sure to catch everything
that needs upgrading. In this case, openssh-client did need upgrading too.
I subscribe to the Debian security mailing list and get notifications
every two or three days, and I have a script that brings all of them up
to date on one command. Incidents like this show why it's a good idea to
apply updates as soon as possible.
On Mon, Jul 01, 2024 at 12:20:22PM +0100, Adam Spiers via BitFolk Users wrote:
Thanks a lot for the heads-up! On bookworm, I see an update available, but
run into an openssl dependency issue:
# apt upgrade openssh-server
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
openssh-server : Depends: openssh-client (= 1:9.2p1-2+deb12u3)
                 Depends: libssl3 (>= 3.0.13) but 3.0.11-1~deb12u2 is to be installed
E: Broken packages
These are my sources:
# cat /etc/apt/sources.list.d/debian*
#deb http://ftp.debian.org/debian bookworm-backports main
#deb http://deb.debian.org/debian bookworm-backports main
deb http://apt-cacher.lon.bitfolk.com/debian/deb.debian.org/debian/ bookworm-backports main
deb http://apt-cacher.lon.bitfolk.com/debian/ftp.debian.org/debian stable main contrib non-free non-free-firmware
deb-src http://apt-cacher.lon.bitfolk.com/debian/ftp.debian.org/debian stable main contrib non-free
deb http://apt-cacher.lon.bitfolk.com/debian/security.debian.org/ stable-security main contrib non-free
deb-src http://apt-cacher.lon.bitfolk.com/debian/security.debian.org/ stable-security main contrib non-free
Any ideas?
I have another VPS running buster, which I note has reached EOL last
night. What absolutely fabulous timing!
https://wiki.debian.org/LTS
On Mon, 1 Jul 2024 at 11:59, Richard Wallman via BitFolk Users <
users(a)mailman.bitfolk.com> wrote:
> CVE-2024-6387 details a flaw in OpenSSH that could *potentially* give an
> attacker a root shell in "6-8 hours"
>
> It's not in MITRE yet, but Qualys have named it "regreSSHion" and you can
> read about it on their site
>
> There's an updated package in Debian already, but it looks like the
> information's still embargoed (even the openssh package changelog is
> 404ing) so I can only *assume* they've fixed it but can't tell anyone yet
> (it wasn't on security.debian.org just now either
>
> This is probably an update you don't want to be sleeping on
> _______________________________________________
> BitFolk Users mailing list <users(a)mailman.bitfolk.com>
> You're subscribed as <bitfolk(a)adamspiers.org>
> Unsubscribe: <https://mailman.bitfolk.com/mailman/postorius/lists/users.mailman.bitfolk.c…>
> or send an email to <users-leave(a)mailman.bitfolk.com>
>
--
Anahata
anahata(a)treewind.co.uk -+-
http://www.treewind.co.uk
Home: 01535 501017 Mob: 07976 263827