Re: ssh vulnerability CVE-2024-6387

2024-07-17 Thread Brian Inglis via Cygwin
On 2024-07-17 07:25, Bill Stewart via Cygwin wrote: On Wed, Jul 17, 2024 at 6:25 AM Lemons, Terry via Cygwin wrote: Vulnerability scanners run at my company have detected the following vulnerability in the Cygwin sshd: CVE-2024-6387CVSS 3: 8.1 OpenSSH could allow a remote attacker to execu

Re: ssh vulnerability CVE-2024-6387

2024-07-17 Thread Bill Stewart via Cygwin
On Wed, Jul 17, 2024 at 6:25 AM Lemons, Terry via Cygwin wrote: Vulnerability scanners run at my company have detected the following > vulnerability in the Cygwin sshd: > > CVE-2024-6387CVSS 3: 8.1 > > OpenSSH could allow a remote attacker to execute arbitrary code on the > system, caused by a

Re: cygwin application hangs on closing console

2024-07-17 Thread Johannes Khoshnazar-Thoma via Cygwin
Hi Takashi, Hi Corinna, Your patch to the allocation of a unique identifier to use as event name in closing the console seems to solve our client's problems. Thank you so much again, is there a cygwin1.dll release planned in the near future? I can of course compile it on my own, but I feel a bit

ssh vulnerability CVE-2024-6387

2024-07-17 Thread Lemons, Terry via Cygwin
Hi Vulnerability scanners run at my company have detected the following vulnerability in the Cygwin sshd: CVE-2024-6387CVSS 3: 8.1 OpenSSH could allow a remote