#patchtuesday


📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #15/2025 is out!

It includes the following and much more:

🇺🇸 The U.S. Department of Justice has disbanded its National #Cryptocurrency Enforcement Unit;

🇳🇱 To tackle #espionage, Dutch government plans to screen university students and researchers;

🐛 Another busy #PatchTuesday;

🐛 #NIST will mark all CVEs published before January 1, 2018, as 'Deferred';

🇺🇸 Trump Signs Memorandum Revoking Security Clearance of Former #CISA Director Chris Krebs;

🇨🇳 #China Admitted to Volt Typhoon #Cyberattacks on US Critical Infrastructure;

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

X’s InfoSec Newsletter 🕵🏻‍♂️ [InfoSec MASHUP] 15/2025

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #11/2025 is out!

It includes the following and much more:

➝ Alleged Co-Founder of #Garantex Arrested in India;

➝ X Suffered a #DDoS Attack;

➝ Microsoft #PatchTuesday Fixes 7 Zero-days;

➝ UK Hospital Discovered 5,000 to 10,000 Unknown Devices Connected to its Network;

➝ #NVIDIA Chips Smugglers Granted Bail in Singapore;

➝ #Tenable tested #DeepSeek's Ability to Generate #Malware;

➝ #OpenAI labelling DeepSeek as "state-controlled";

➝ New #Jailbreak Method called Context Compliance Attack (CCA) Works Against Most #AI Models

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

X’s InfoSec Newsletter 🕵🏻‍♂️ [InfoSec MASHUP] 11/2025

#Microsoft has released software updates as part of its March 2025 #PatchTuesday

The updates fix 57 security vulnerabilities in total, including 6 zero-day vulnerabilities that are being actively exploited

Administrators are advised to test and patch ASAP, prioritizing the actively exploited zero-days

#cybersecurity #vulnerabilitymanagement

rfwave.io/blog/microsoft-mar20

RF Wave: Microsoft Releases March 2025 Patches (57 flaws fixed, including 6 actively exploited zero-day vulnerabilities)

I submitted a Pull Request to update MacPorts' OpenSSH to 9.9p2 here:

https://github.com/macports/macports-ports/pull/27712

GitHub Continuous Integration checks are running. Hopefully they will be OK (Update: 2 out of 3 have completed successfully, which is a good sign).

I tested locally without issues, but I also build against LibreSSL locally, whereas GitHub CI and MacPorts' Build Bots I think default to OpenSSL.

This release is to address some vulnerabilities identified by Qualys and other less critical bugs.

More details from upstream here:

https://www.openssh.com/releasenotes.html#9.9p2

Of particular note:

"* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
(inclusive) contained a logic error that allowed an on-path
attacker (a.k.a MITM) to impersonate any server when the
VerifyHostKeyDNS option is enabled. This option is off by default.

* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service related
to the handling of SSH2_MSG_PING packets. This condition may be
mitigated using the existing PerSourcePenalties feature.

Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH."

If I read everything correctly, these vulnerabilities primarily only impact the Portable OpenSSH releases (which is what MacPorts uses). However, OpenBSD has also issued the following errata to mitigate one of the issues as it also appears to impact OpenBSD users:

"008: SECURITY FIX: February 18, 2025 All architectures
sshd(8) denial of service relating to SSH2_MSG_PING handling. ssh(1) server impersonation when VerifyHostKeyDNS enabled.
A source code patch exists which remedies this problem."

Source code patch for OpenBSD here:

https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig

Having written as much, it appears as if the main OpenSSH version for OpenBSD is still 9.9, so I am not going to make a submission for undeadly.org. Other editors reading this are welcome to, though; I just kind of have a lot of other stuff on my plate at present.

As usual, I also have too much going on in my life to want more responsibilities such as commit access within MacPorts, so it's up to someone else to merge it.

#OpenSSH #MacPorts #SecureShell #InfoSec #Cryptography #Security #CVE #PatchTuesday #OpenSource #OpenBSD
GitHub: openssh: update to 9.9p2 by artkiver · Pull Request #27712 · macports/macports-ports