I’m running a few Debian stable systems that are up to date on patches.

But I just ran ssh -V and the OpenSSH version listed is “OpenSSH_9.2p1 Debian-2+deb12u3” which as I understand is still vulnerable.

Am I missing something or am I good?

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      They patch stuff like this fast because it’s a remote exploit. Local privilege escalation exploits are fixed much slower.

      • TCB13@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        5 months ago

        I know, I know, but trust me that a lot of people believe that they don’t issue security patches fast.

    • Mactan
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      5 months ago

      LTS means security fixes, but little else if any. good luck if you need a feature that came out a year ago it’s not in the repo yet