a) regreSSHion, CVE-2024-6387, is an unauthenticated remote code execution in OpenSSH’s server (sshd) that grants full root access. It affects the default configuration and does not require user interaction. It poses a significant exploit risk. [link]
Debian 12 users are advised to upgrade to 1:9.2p1-2+deb12u3 immediately. [link]
b) NGINX PGP Signing Key is updated, all NGINX repository users are required to import the new keys. [link]