There's a new version of the openssh-server package in Debian's security repo which fixes the latest vulnerability (see https://security-tracker.debian.org/tracker/DSA-5724-1) , however it's not getting installed on my Pi. I'm running the 64-bit version of Raspberry Pi OS bookworm, lite flavour.
Current version installed on my Pi:
Available versions:
Why is the version from bookworm-security not installing automatically? I tried manually specifying the repo to install from, but I get this:
OK, so let's specify server, client and sftp-server to be installed from bookworm-security:
Hmm, that seems to have worked. Is there something wrong with the package configuration on my machine? I would have expected anything available in bookworm-security to be installable be default, without having to manually specify the repo for every package. I'm wondering if there might be something wrong with the package/repo priority?
Current version installed on my Pi:
Code:
ii openssh-server 1:9.2p1-2+deb12u2 arm64Code:
andrew@tarmachan:~ $ apt-cache madison openssh-serveropenssh-server | 1:9.2p1-2+deb12u3 | http://deb.debian.org/debian-security bookworm-security/main arm64 Packagesopenssh-server | 1:9.2p1-2+deb12u2 | http://deb.debian.org/debian bookworm/main arm64 PackagesCode:
andrew@tarmachan:~ $ sudo apt install openssh-server/bookworm-securityReading package lists... DoneBuilding dependency tree... DoneReading state information... DoneSelected version '1:9.2p1-2+deb12u3' (Debian-Security:12/stable-security [arm64]) for 'openssh-server'Selected version '1:9.2p1-2+deb12u3' (Debian-Security:12/stable-security [arm64]) for 'openssh-client' because of 'openssh-server'Some packages could not be installed. This may mean that you haverequested an impossible situation or if you are using the unstabledistribution that some required packages have not yet been createdor been moved out of Incoming.The following information may help to resolve the situation:The following packages have unmet dependencies: openssh-server : Depends: openssh-sftp-server but it is not going to be installedE: Unable to correct problems, you have held broken packages.Code:
andrew@tarmachan:~ $ sudo apt install openssh-server/bookworm-security openssh-client/bookworm-security openssh-sftp-server/bookworm-securityReading package lists... DoneBuilding dependency tree... DoneReading state information... DoneSelected version '1:9.2p1-2+deb12u3' (Debian-Security:12/stable-security [arm64]) for 'openssh-server'Selected version '1:9.2p1-2+deb12u3' (Debian-Security:12/stable-security [arm64]) for 'openssh-client'Selected version '1:9.2p1-2+deb12u3' (Debian-Security:12/stable-security [arm64]) for 'openssh-sftp-server'Suggested packages: keychain libpam-ssh monkeysphere ssh-askpass molly-guard ufwThe following packages will be upgraded: openssh-client openssh-server openssh-sftp-server3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.Need to get 1,412 kB of archives.After this operation, 0 B of additional disk space will be used.Get:1 http://deb.debian.org/debian-security bookworm-security/main arm64 openssh-sftp-server arm64 1:9.2p1-2+deb12u3 [60.7 kB]Get:2 http://deb.debian.org/debian-security bookworm-security/main arm64 openssh-server arm64 1:9.2p1-2+deb12u3 [414 kB]Get:3 http://deb.debian.org/debian-security bookworm-security/main arm64 openssh-client arm64 1:9.2p1-2+deb12u3 [937 kB]Fetched 1,412 kB in 1s (1,260 kB/s)Reading changelogs... DonePreconfiguring packages ...(Reading database ... 89341 files and directories currently installed.)Preparing to unpack .../openssh-sftp-server_1%3a9.2p1-2+deb12u3_arm64.deb ...Unpacking openssh-sftp-server (1:9.2p1-2+deb12u3) over (1:9.2p1-2+deb12u2) ...Preparing to unpack .../openssh-server_1%3a9.2p1-2+deb12u3_arm64.deb ...Unpacking openssh-server (1:9.2p1-2+deb12u3) over (1:9.2p1-2+deb12u2) ...Preparing to unpack .../openssh-client_1%3a9.2p1-2+deb12u3_arm64.deb ...Unpacking openssh-client (1:9.2p1-2+deb12u3) over (1:9.2p1-2+deb12u2) ...Setting up openssh-client (1:9.2p1-2+deb12u3) ...Setting up openssh-sftp-server (1:9.2p1-2+deb12u3) ...Setting up openssh-server (1:9.2p1-2+deb12u3) ...rescue-ssh.target is a disabled or a static unit not running, not starting it.ssh.socket is a disabled or a static unit not running, not starting it.Processing triggers for man-db (2.11.2-2) ...Hmm, that seems to have worked. Is there something wrong with the package configuration on my machine? I would have expected anything available in bookworm-security to be installable be default, without having to manually specify the repo for every package. I'm wondering if there might be something wrong with the package/repo priority?
Statistics: Posted by andrum99 — Wed Jul 03, 2024 9:29 pm