DSA-5724-1 openssh - security update

Read Time:33 Second

The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an
implementation of the SSH protocol suite, is prone to a signal handler
race condition. If a client does not authenticate within LoginGraceTime
seconds (120 by default), then sshd’s SIGALRM handler is called
asynchronously and calls various functions that are not
async-signal-safe. A remote unauthenticated attacker can take advantage
of this flaw to execute arbitrary code with root privileges. This flaw
affects sshd in its default configuration.

Details can be found in the Qualys advisory at
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

https://security-tracker.debian.org/tracker/DSA-5724-1

OpenIPMI-2.0.36-1.fc41

FEDORA-2025-ae55d50be2 Packages in this update: OpenIPMI-2.0.36-1.fc41 Update description: Update to 2.0.36 Fixes CVE-2024-42934 Read More

March 16, 2025

chromium-134.0.6998.88-3.fc42

FEDORA-2025-6b9cbdbdff Packages in this update: chromium-134.0.6998.88-3.fc42 Update description: Update to 134.0.6998.88 High CVE-2025-1920: Type Confusion in V8 High CVE-2025-2135: Type...

March 15, 2025

jupyterlab-4.3.6-1.fc41

FEDORA-2025-e50201543b Packages in this update: jupyterlab-4.3.6-1.fc41 Update description: Update to 4.3.6 (rhbz#2352545) Read More

March 14, 2025

jupyterlab-4.3.6-1.fc40

FEDORA-2025-1d68ba6806 Packages in this update: jupyterlab-4.3.6-1.fc40 Update description: Update to 4.3.6 (rhbz#2352545) Read More

March 14, 2025

MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Sante PACS Server Could Allow for Remote Code Execution – PATCH NOW – TLP: CLEAR

Multiple vulnerabilities have been discovered in Sante PACS Server, the most severe of which could allow for remote code execution....

March 14, 2025

dotnet8.0-8.0.114-1.fc40

FEDORA-2025-83c147615e Packages in this update: dotnet8.0-8.0.114-1.fc40 Update description: This is the monthly update for .NET for March 2025. Release Notes:...

March 14, 2025

ClickFix: How to Infect Your PC in Three Easy Steps

Friday Squid Blogging: SQUID Band

Upcoming Speaking Engagements

LockBit Ransomware Developer Extradited to US

TP-Link Router Botnet

Fraudsters Impersonate Clop Ransomware to Extort Businesses

Cybersecurity Industry Falls Short on Collaboration, Says Former GCHQ Director

Volt Typhoon Accessed US OT Network for Nearly a Year

CISA, FBI Warn of Medusa Ransomware Impacting Critical Infrastructure

DSA-5724-1 openssh – security update

OpenIPMI-2.0.36-1.fc41

chromium-134.0.6998.88-3.fc42

jupyterlab-4.3.6-1.fc41

jupyterlab-4.3.6-1.fc40

MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Sante PACS Server Could Allow for Remote Code Execution – PATCH NOW – TLP: CLEAR

dotnet8.0-8.0.114-1.fc40