On 32-bit Raspberry Pi OS Bullseye with desktop I have this:
According to https://security-tracker.debian.org/tra ... -2024-6387 that package version, namely 1:8.4p1-5+deb11u3, which seems to be what you're running, is already 'fixed'. More specifically, per the bottom of that page, it wasn't vulnerable in the first place, since the offending code was introduced after that version was released ![👍]()
(I've not tested the 64-bit version of Raspberry Pi OS Bullseye - I don't use it. All my Pis that run a 64-bit OS are on Raspberry Pi OS Bookworm, but it is presumably not vulnerable either, for the same reason).
Code:
andrew@lomond:~ $ dpkg-query -l | grep opensshii openssh-client 1:8.4p1-5+deb11u3 armhf secure shell (SSH) client, for secure access to remote machinesii openssh-server 1:8.4p1-5+deb11u3 armhf secure shell (SSH) server, for secure access from remote machinesii openssh-sftp-server 1:8.4p1-5+deb11u3 armhf secure shell (SSH) sftp server module, for SFTP access from remote machines
(I've not tested the 64-bit version of Raspberry Pi OS Bullseye - I don't use it. All my Pis that run a 64-bit OS are on Raspberry Pi OS Bookworm, but it is presumably not vulnerable either, for the same reason).
Statistics: Posted by andrum99 — Fri Jul 05, 2024 3:11 pm