Major security advisory in OpenSSH on FreeBSD: FreeBSD-SA-24:04.openssh

Can we expect TrueNAS Core to release a patched binary for openssh/opensshd?

Thanks in advance!

No. But it might make its way into 13.3.

I’m sure it would make it’s way in 13.3 (the FreeBSD code base is already updated and when CORE 13.3 gets built it will pull in that updated code base).

I guess in the meantime you can do the “workaround”.

IV.  Workaround

If sshd(8) cannot be updated, this signal handler race condition can be
mitigated by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and
restarting sshd(8).  This makes sshd(8) vulnerable to a denial of service
(the exhaustion of all MaxStartups connections), but makes it safe from the
remote code execution presented in this advisory.

LOL. If you’re subject to a DDOS attack inside your firewall, you have other things to worry about. :slight_smile:


I guess the same goes for the exploit itself too. :slight_smile: I, personally, change the port from 22 to something else. I know that’s a bit crazy from within my network but…*meh* that’s what .ssh\config is for.

1 Like

Yes. Expect schedule details soonish.


Details have arrived: