[OKD FCOS 4.15] OKD upgrade to fix SSH vulnerability #2116

Open
parseltongued opened this issue Feb 17, 2025 · 1 comment
parseltongued commented Feb 17, 2025

Hi,

I have a 3-node OKD FCOS 4.15 airgap cluster with images hosted on an on-prem Quay. I want to fix an SSH vulnerability by upgrading just the openssh-server package alone to > version 9.8 without migrating to OKD SCOS 4.16 yet.

rpm-ostree fetches from the OKD image base, and if pointing to the Fedora vanilla CoreOS base, the master doesn't join the cluster.

Any help is greatly appreciated.

Cluster environment
OKD Cluster Version: 4.15.0-0.okd-2024-03-10-010116
Kernel version: v1.28.2-3598+6e2789bbd58938
Installation method: Bare-metal VSphere UPI (Airgapped, self-hosted Quay)

@kai-uwe-rommel

There is a technote from Red Hat on how to mitigate SSH vulnerabilities via a machine config without upgrading the package.
https://access.redhat.com/solutions/7077080
"MachineConfig to mitigate CVE-2024-6387 and CVE-2024-6409"
I have not done this myself yet but a coworker at a customer did this successfully.
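
The comment above points to a MachineConfig-based mitigation; the technote's contents are not reproduced in this thread. As an added example (not taken from the technote or from the OKD project), the manifests below assume the mitigation is the `LoginGraceTime 0` setting that Red Hat lists for CVE-2024-6387, delivered as an sshd drop-in file. The object names and the drop-in file name are hypothetical.

```yaml
# Added example: MachineConfig objects that write an sshd drop-in on every node.
# Assumption: the node's sshd_config includes /etc/ssh/sshd_config.d/*.conf
# (the Fedora default). sshd uses the first value it reads for a keyword,
# so the drop-in is named to sort ahead of other files in that directory.
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  name: 99-master-sshd-logingracetime        # hypothetical name
  labels:
    machineconfiguration.openshift.io/role: master
spec:
  config:
    ignition:
      version: 3.2.0
    storage:
      files:
        - path: /etc/ssh/sshd_config.d/01-logingracetime.conf   # hypothetical file name
          mode: 384            # decimal form of octal 0600
          overwrite: true
          contents:
            # URL-encoded file body: "LoginGraceTime 0\n"
            source: data:,LoginGraceTime%200%0A
---
# Same drop-in for the worker pool, if the cluster has one.
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  name: 99-worker-sshd-logingracetime        # hypothetical name
  labels:
    machineconfiguration.openshift.io/role: worker
spec:
  config:
    ignition:
      version: 3.2.0
    storage:
      files:
        - path: /etc/ssh/sshd_config.d/01-logingracetime.conf   # hypothetical file name
          mode: 384
          overwrite: true
          contents:
            source: data:,LoginGraceTime%200%0A
```

`LoginGraceTime 0` disables the login timeout, so unauthenticated connections can hold `MaxStartups` slots indefinitely, which trades the race condition for exposure to connection exhaustion. Once the Machine Config Operator has rolled the change out, `sshd -T` run on a node should report `logingracetime 0`.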
