Date: 2024-07-02

OpenSSH 9.8 has been released, fixing an ugly vulnerability:

Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon.

Exploitation on non-glibc systems is conceivable but has not been examined.

There is a configuration workaround for systems that cannot be updated, though it has its own problems. See this Qualys advisory for more details.