I accidentally found a security issue while benchmarking Postgres changes.
If you run Debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.
@AndresFreundTec intercepting RSA_public_decrypt implies it only triggers for RSA-based ssh keys. Glad I switched all my keys to ed25519 already.
@hyc @AndresFreundTec It triggers for *anyone* trying to log in using RSA-based SSH keys. Even if you've switched your keys over, an attacker can still trigger it by trying to log in using RSA.
@carnildo @AndresFreundTec by switching I meant disabling use of RSA in the sshd config. It's been deprecated in OpenSSH for a while already.