regreSSHion vulnerability

[apmuthu]

Is the PVE 8.2 and earlier affected by:
https://arstechnica.com/security/20...ity-in-openssh-gives-attackers-root-on-linux/

# ssh -V
OpenSSH_9.2p1 Debian-2+deb12u3, OpenSSL 3.0.13 30 Jan 2024

# openssl version
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)

 

[fabian]

the SSH packages are provided directly by Debian. so yes, PVE (and PMG and PBS) releases based on Bookworm were affected, and are already fixed if you've installed Debian security updates.

 

[apmuthu]

Thanks for the info and noted that a recent openssl update was done.