Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/112728800638596596">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 04-Jul-2024 23:58:07 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20240926225417.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/112717299595954529" rel="in-reply-to">in reply to</a></div></section><article><p>The Windows OS bundled version of OpenSSH appears to be vulnerable to CVE-2024-6387 aka regreSSHion - it is version 8.6.0.1.</p><p>"The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function."</p><p>Microsoft operate their own fork but appear to have missed it: <a href="https://github.com/PowerShell/Win32-OpenSSH" rel="nofollow noreferrer">https://github.com/PowerShell/Win32-OpenSSH</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3317127#notice-6559494">In conversation</a><time datetime="2024-07-04T23:58:07+09:00" title="Thursday, 04-Jul-2024 23:58:07 JST">about 5 months ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/112728800638596596" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/112728800638596596">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2866204">Untitled attachment</a></label><br><a href="https://cyberplace.social/system/media_attachments/files/112/728/793/953/785/057/original/f5fe0e20b0818754.png" rel="external">https://cyberplace.social/system/media_attachments/files/112/728/793/953/785/057/original/f5fe0e20b0818754.png</a></li><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/PowerShell/Win32-OpenSSH">GitHub - PowerShell/Win32-OpenSSH: Win32 port of OpenSSH</a></h5><div></div></header><div>Win32 port of OpenSSH. Contribute to PowerShell/Win32-OpenSSH development by creating an account on GitHub.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 04-Jul-2024 23:58:07 JST Kevin Beaumont
in reply to
The Windows OS bundled version of OpenSSH appears to be vulnerable to CVE-2024-6387 aka regreSSHion - it is version 8.6.0.1.
"The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function."
Microsoft operate their own fork but appear to have missed it: https://github.com/PowerShell/Win32-OpenSSH
In conversationabout 5 months ago from cyberplace.socialpermalink
Attachments
1. Untitled attachment
  https://cyberplace.social/system/media_attachments/files/112/728/793/953/785/057/original/f5fe0e20b0818754.png
2. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  GitHub - PowerShell/Win32-OpenSSH: Win32 port of OpenSSH
  Win32 port of OpenSSH. Contribute to PowerShell/Win32-OpenSSH development by creating an account on GitHub.

Public

Embed Notice

HTML Code

Corresponding Notice