On Mon, Jan 9, 2023 at 9:09 PM Konstantin Olchanski <olcha...@triumf.ca> wrote: > > On Mon, Jan 09, 2023 at 03:26:33PM -0800, Yasha Karant wrote: > > > > The SL6 issue is a different matter. Not only are various > > applications vulnerable to compromises from the Internet, but so is > > the kernel as well as kernel systems support software. > > > > This is FUD. Which applications, which exploits? AFAIK, there is > no remote exploits against SL6 ssh, there is no remote exploits > against SL6 apache and there is no remote exploits agaist SL6 linux > kernels. If you know otherwises, please post a list of applicable CVEs.
May I encourage you to do your own checks? Start with: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.cvedetails.com_vulnerability-2Dlist_vendor-5Fid-2D97_product-5Fid-2D585_Openbsd-2DOpenssh.html&d=DwIBaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=28LXkh16-z-FUB8ZoBQ3zkL-WDG9aCUaqnawVhtw9yyl08Y4HxEfqWJ2pBWgw9Gi&s=fNfTIC2Jn0-Sne_oXed2PzcPsO_PqQdFtgTWP184B8A&e=