-
Notifications
You must be signed in to change notification settings - Fork 535
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSH critical vulnerability CVE-2024-6387 #9555
Labels
feature-request
Request for a feature or enhancement
Comments
We're aware of it and working on the fix. Our preference is usually to backport rather than major version jumps, but this will be addressed shortly. |
Will this also address CVE-2023-28531? |
This was referenced Jul 4, 2024
The updated ssh package was published yesterday with our -6 openssh package. We opted to backport the fix rather than rolling forward to the new major version. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Update openssh to version 9.8p1 to mitigate CVE-2024-6387 (https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server)
We are currently on version 8.9p1 https://github.com/microsoft/azurelinux/blob/2.0/SPECS/openssh/openssh.spec#L1
The text was updated successfully, but these errors were encountered: