https://nvd.nist.gov/vuln/detail/CVE-2024-6387
https://ubuntu.com/security/CVE-2024-6387
| PACKAGE | RELEASE | STATUS | |
|---|---|---|---|
| openssh Launchpad, Ubuntu, Debian | bionic | 18.04 | Not vulnerable (introduced in v8.5p1) |
| focal | 20.04 | Not vulnerable (introduced in v8.5p1) | |
| jammy | 22.04 | Released (1:8.9p1-3ubuntu0.10) | |
| mantic | 23.10 | Released (1:9.3p1-1ubuntu3.6) | |
| noble | 24.04 | Released (1:9.6p1-3ubuntu13.3) | |
| trusty | 14.04 | Not vulnerable (introduced in v8.5p1) | |
| xenial | 16.04 | Not vulnerable (introduced in v8.5p1) | |
| upstream | Pending (9.8p1) |
apt update
apt install openssh-{client,server}
https://security-tracker.debian.org/tracker/CVE-2024-6387
| Source Package | Release | Version | Status |
|---|---|---|---|
| openssh (PTS) | bullseye (security), bullseye | 1:8.4p1-5+deb11u3 | fixed |
| bookworm | 1:9.2p1-2+deb12u2 | vulnerable | |
| bookworm (security) | 1:9.2p1-2+deb12u3 | fixed | |
| sid, trixie | 1:9.7p1-7 | fixed |
https://rockylinux.org/news/2024-07-01-openssh-sigalrm-regression
dnf install rocky-release-security dnf config-manager --disable security-common dnf --enablerepo=security-common update openssh\*