Rumours of critical vulnerability in OpenSSH in Red Hat Enterprise Linux
A posting on the Web Hosting Talk forum is feeding speculation about a critical security vulnerability in the OpenSSH server in CentOS/Red Hat Enterprise Linux (RHEL).
According to the posting, the vulnerability is present in the OpenSSH version 4.3 used in this distribution. Although that version is already several years old, the Red Hat development team tend to backport patches to older versions, with the result that the software may well still be up to date.
It is rumoured, however, that the development team introduced an error during this backporting process which may now be exploitable to gain access to servers.