Security News

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability
2023-02-06 09:55

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server.Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1.

OpenSSH fixes double-free memory bug that’s pokable over the network
2023-02-03 19:59

Telnet was remarkably simple and effective: instead of connecting physical wires to make a teletype connection to remote servers, you used a TELetype NETwork connection instead. Basically, the data that would usually flow back and forth over a dedicated serial connection or dial-up phone connection was sent and received over the internet, using a packet-switched TCP network connection instead of a circuit-switched point-to-point link. Sshd: fix a pre-authentication double-free memory fault introduced in OpenSSH 9.1.