OpenSSH critical vulnerability CVE-2024-6387 #9555
Labels
feature-request
Request for a feature or enhancement
Comments
|
We're aware of it and working on the fix. Our preference is usually to backport rather than major version jumps, but this will be addressed shortly. |
|
Will this also address CVE-2023-28531? |
This was referenced Jul 4, 2024
|
The updated ssh package was published yesterday with our -6 openssh package. We opted to backport the fix rather than rolling forward to the new major version. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Update openssh to version 9.8p1 to mitigate CVE-2024-6387 (https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server)
We are currently on version 8.9p1 https://github.com/microsoft/azurelinux/blob/2.0/SPECS/openssh/openssh.spec#L1
The text was updated successfully, but these errors were encountered: