Thanks a lot for the heads-up! On bookworm, I see an update available, but
run into an openssl dependency issue:
# apt upgrade openssh-server
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
openssh-server : Depends: openssh-client (= 1:9.2p1-2+deb12u3)
Depends: libssl3 (>= 3.0.13) but 3.0.11-1~deb12u2 is to
be installed
E: Broken packages
These are my sources:
# cat /etc/apt/sources.list.d/debian*
#deb
http://ftp.debian.org/debian bookworm-backports main
#deb
http://deb.debian.org/debian bookworm-backports main
deb
http://apt-cacher.lon.bitfolk.com/debian/deb.debian.org/debian/
bookworm-backports main
deb
http://apt-cacher.lon.bitfolk.com/debian/ftp.debian.org/debian stable
main contrib non-free non-free-firmware
deb-src
http://apt-cacher.lon.bitfolk.com/debian/ftp.debian.org/debian
stable main contrib non-free
deb
http://apt-cacher.lon.bitfolk.com/debian/security.debian.org/
stable-security main contrib non-free
deb-src
http://apt-cacher.lon.bitfolk.com/debian/security.debian.org/
stable-security main contrib non-free
Any ideas?
I have another VPS running buster, which I note has reached EOL last
night. What absolutely fabulous timing!
https://wiki.debian.org/LTS
On Mon, 1 Jul 2024 at 11:59, Richard Wallman via BitFolk Users <
users(a)mailman.bitfolk.com> wrote:
CVE-2024-6387 details a flaw in OpenSSH that could
*potentially* give an
attacker a root shell in "6-8 hours"
It's not in MITRE yet, but Qualys have named it "regreSSHion" and you can
read about it on their site
There's an updated package in Debian already, but it looks like the
information's still embargoed (even the openssh package changelog is
404ing) so I can only *assume* they've fixed it but can't tell anyone yet
(it wasn't on
security.debian.org just now either
This is probably an update you don't want to be sleeping on
_______________________________________________
BitFolk Users mailing list <users(a)mailman.bitfolk.com>
You're subscribed as <bitfolk(a)adamspiers.org>
Unsubscribe: <
https://mailman.bitfolk.com/mailman/postorius/lists/users.mailman.bitfolk.c…
or send an email to
<users-leave(a)mailman.bitfolk.com>