OpenSSH currently has a bug that will help would-be attackers figure out actual account names on your system by timing how long the server responds to incorrect logins.

You can read the full info on Linux Forum.

We’ve just brought back online! Starting with a clean slate, there’s not much going on yet, but please go on and introduce yourselves. Ask/answer questions!


There have been updates to the nss, nss-util and nspr packages to address moderate security flaws (CVE-2016-1978, CVE-2016-1979). The new packages are syncing through the various mirrors currently.
Continue Reading…

Back in June of 2015, CVE-2015-1805 a kernel patch was released to implement a fix for vectored pipe read and write functionality which could potentially result in memory corruption. A local, unprivileged user could use the flaw in an unpatched kernel to crash the system or escalate their privileges on the system.
Continue Reading…

At some point you will find it very handy to be able to run the same command on multiple servers. Sure, you could just put a list of IPs in a file and run something against it using a for loop, but gsh is going to make your life much easier.
Continue Reading…