Specifically, openssh-7.6p1-audit.patch found in Red Hat’s package of
OpenSSH adds code to cleanup_exit() that exposes the issue. Relevantly,
this patch is found in RHEL 9 (and its rebuild/downstream
distributions), where the package is based on OpenSSH 8.7p1.
Debian oldstable is safe from this as well
sugar_in_your_tea@sh.itjust.works
on 11 Jul 2024 22:46
collapse
Looks like openSUSE Leap is fine, not sure about other SUSE distros.
threaded - newest
Flashback xz package in linux getting louder and louder
xz was a deliberate supply chain attack this is just a bug, accidental, not a rhel backdoor
Yes, only RHEL based releases affected (source):
Debian oldstable is safe from this as well
Looks like openSUSE Leap is fine, not sure about other SUSE distros.