
alpine


Posted Jul 2, 2024 6:18 UTC (Tue) by gioele (subscriber, #61675)
In reply to: alpine by LtWorf
Parent article: Serious vulnerability fixed with OpenSSH 9.8

> Quite annoying to see articles and comments claiming that alpine is not vulnerable when the email is saying it probably is, but they never tested it.

It's not only random commenters; musl's maintainer stated:

> OpenSSH sshd on musl-based systems is not vulnerable to RCE via CVE-2024-6387 (regreSSHion).
>
> This is because we do not use localtime in log timestamps and do not use dynamic allocation (because it could fail under memory pressure) for printf formatting.
>
> While the sshd bug is UB (AS-unsafe syslog call from signal context), very deliberate decisions we made for other good reasons reduced the potential impact to deadlock taking a lock.

https://fosstodon.org/@musl/112711796005712271
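
The bug class named in the quoted statement (an async-signal-unsafe `syslog()` call made from signal context) next to the usual safe form, as an added example that is not part of the original comment and is not OpenSSH or musl code. All function names and the log message are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for sigaction() under strict -std= modes */
#endif
#include <signal.h>
#include <string.h>
#include <syslog.h>

/* Written by the handler, read by normal code. */
static volatile sig_atomic_t timeout_pending = 0;

/* Unsafe form, shown for contrast and never installed: syslog() is not
 * async-signal-safe (it may format, allocate or take locks), so calling it
 * from a handler is undefined behaviour. */
void unsafe_alarm_handler(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "grace period expired");   /* constructed message */
}

/* Safe form: only record that the signal arrived, then return. */
static void safe_alarm_handler(int sig)
{
    (void)sig;
    timeout_pending = 1;
}

/* Install the safe handler for SIGALRM; returns 0 on success. */
int install_safe_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_alarm_handler;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGALRM, &sa, NULL);
}

/* Called from the main loop, outside signal context, where syslog() is
 * allowed. Returns 1 if a timeout was pending and has now been logged. */
int drain_pending_timeout(void)
{
    if (!timeout_pending)
        return 0;
    timeout_pending = 0;
    syslog(LOG_INFO, "grace period expired");   /* constructed message */
    return 1;
}
```

The handler touches nothing but a `volatile sig_atomic_t`, so the result does not depend on how a given libc implements `syslog()`.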




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds