[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-devel
Subject: Re: Debian openssh option review: considering splitting out GSS-API key exchange
From: Marc Haber <mh+debian-devel () zugschlus ! de>
Date: 2024-04-02 11:30:43
Message-ID: E1rrcLj-00000000PhY-0uI1 () swivel
[Download RAW message or body]
On Tue, 2 Apr 2024 01:30:10 +0100, Colin Watson <cjwatson@debian.org>
wrote:
>We carry a patch to restore support for TCP wrappers, which was dropped
>in OpenSSH 6.7 (October 2014); see
>https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
>and thread. That wasn't long before the Debian 8 (jessie) freeze, and
>so I patched it back in "temporarily", but then I dropped the ball on
>organizing a proper transition.
Please don't drop the mechanism that saved my ¹ unstable installations
from being vulnerable to the current xz-based attack. Just having to
dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to
maintain a packet filter.
Greetings
Marc
¹ and probably thousands others
--
----------------------------------------------------------------------------
Marc Haber | " Questions are the | Mailadresse im Header
Rhein-Neckar, DE | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic