OpenSSH 9.8 released, fixes a critical race condition on Linux (which can allow RCE as root) and a bug in keystroke timing mitigation
https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041430.html
Of course if they'd adopted LINEMODE support as I recommended 14 years ago, they would never have been vulnerable to keystroke timing attacks.
https://github.com/hyc/OpenSSH-LINEMODE
Howard Chu @ Symas /
npub1tt…ex9ud
2024-07-01 13:23:06
Author Public Key
npub1tt4j2zeswksjh5z7zmy283qd4yd920afy9j28xg45wsxzhl9rpjqrex9udPublished at
2024-07-01 13:23:06Event JSON
{
"id": "3dc8b4151d1377b42a2f0a225559656b578516beafd8bc4b366ce16837dcd3bf",
"pubkey": "5aeb250b3075a12bd05e16c8a3c40da91a553fa92164a39915a3a0615fe51864",
"created_at": 1719840186,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/hyc/statuses/112711446460311856",
"activitypub"
]
],
"content": "OpenSSH 9.8 released, fixes a critical race condition on Linux (which can allow RCE as root) and a bug in keystroke timing mitigation\n\nhttps://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041430.html\n\nOf course if they'd adopted LINEMODE support as I recommended 14 years ago, they would never have been vulnerable to keystroke timing attacks.\n\nhttps://github.com/hyc/OpenSSH-LINEMODE",
"sig": "b283578d71502e8d7b8ef0a32641063b35972e2dcf5112fb2922c0f04842d3d743c23f559cc3ed5e0e38555bf249fc89e4a45f9d4cebf6a0d5d1eb5612a57242"
}