Tech »  Topic »  The 4th Linux kernel flaw this month can lead to stolen SSH host keys

The 4th Linux kernel flaw this month can lead to stolen SSH host keys

5 hours ago   zdnet.com

The good news is there's already a patch. The bad news is that the fix isn't available for all Linux distributions yet. Here's what you can do in the meantime.

ismagilov/iStock/Getty Images Plus

Follow ZDNET: Add us as a preferred source on Google.

ZDNET's key takeaways

  • Another day, another Linux bug. 
  • There is a patch out now.  
  • However, it's not available yet in most distros. 

Linux's latest kernel flaw doesn't have a fancy name; it's just called "ssh‑keysign‑pwn." It's the fourth high‑profile local security hole to hit Linux in just a few weeks. This one enables ordinary users to quietly read some of the most sensitive files on a system, including Secure Shell (SSH) host private keys and the shadow password file.

The vulnerability gets its "ssh‑keysign‑pwn" nickname from one of the main exploitation ...


Copyright of this story solely belongs to zdnet.com . To see the full text click HERE