This week in security: hide your SSH, Polyfill and pack it
The big news this week was that OpenSSH has an unauthorized Remote Code Execution exploit. Or more precisely, it had one that was fixed in 2006, which was inadvertently reintroduced in 2021’s 8.5p1. The flaw is a signal handler race condition, where async-unsafe code is called from the SIGALARM handler. What does that mean? To … Read more