What Happened
A vulnerability has been identified in specific versions of OpenSSH (8.5p1 <= OpenSSH < 9.8p1) that allows for Remote Code Execution (RCE). You need to update your OpenSSH package.

Affected Systems
- Rocky Linux 9 (please wait for upstream RHEL updates)
- Debian 12 (9.2p1-2+deb12u3 has fixed this vulnerability)

The following systems are not affected:
- Debian 10
- CentOS 7
- Rocky Linux 8
- Ubuntu 20.04
- Ubuntu 22.04 (8.9p1-3ubuntu0.10 has fixed this vulnerability)
- Ubuntu 24.04 (9.6p1-3ubuntu13.3 has fixed this vulnerability)

Debian and Ubuntu distributions have already patched this vulnerability. Please update your system immediately using apt update && apt upgrade.

For users of Rocky Linux 9, which has not yet received the security update, please modify your sshd configuration to temporarily mitigate the impact of this vulnerability:

echo 'LoginGraceTime 0' >> /etc/ssh/sshd_config
systemctl restart sshd
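
The following script is an added example, not part of the original advisory. It checks an OpenSSH banner against the version range above and applies the LoginGraceTime mitigation so that it takes effect regardless of what else is in the file. The function names and the check/apply arguments are hypothetical; it assumes the default config path /etc/ssh/sshd_config and a systemd host.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.

# Print the upstream version (e.g. 9.2p1) found in an `ssh -V` style banner.
upstream_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*p[0-9][0-9]*\).*/\1/p'
}

# Succeed if the version is in the advisory's range 8.5p1 <= v < 9.8p1.
# Both bounds are p1 releases, so comparing major.minor decides membership.
# Distro packages keep the upstream string after a backported fix (the fixed
# Debian 12 package is still 9.2p1), so a hit means "check the package version".
in_affected_range() {
    printf '%s\n' "$1" | awk -F'[.p]' '
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ { exit 2 }
        { v = $1 * 1000 + $2; exit !(v >= 8005 && v < 9008) }'
}

# Make "LoginGraceTime 0" the first directive in config file $1. sshd keeps the
# first value it obtains for a keyword, and a line appended after a Match block
# becomes part of that block, so the position matters. Idempotent; the original
# is kept as $1.bak.
set_grace_time_first() {
    first=$(awk '!/^[ \t]*(#|$)/ { print; exit }' "$1")
    if [ "$first" = 'LoginGraceTime 0' ]; then return 0; fi
    cp -p "$1" "$1.bak" || return 1
    { echo 'LoginGraceTime 0'; cat "$1.bak"; } > "$1"
}

# Apply on a live host (root): edit, validate with `sshd -t` so a broken config
# is never restarted into, restart, then print the effective value.
apply_mitigation() {
    set_grace_time_first /etc/ssh/sshd_config &&
        sshd -t &&
        systemctl restart sshd &&
        sshd -T | grep -i '^logingracetime'
}

case "${1:-}" in
    check)
        v=$(upstream_version "$(ssh -V 2>&1)")
        if in_affected_range "$v"; then echo "OpenSSH $v: in affected range"; fi ;;
    apply) apply_mitigation ;;
esac
```

With LoginGraceTime 0 there is no login time limit, so connections that never authenticate stay open and count against MaxStartups. Remove the line once the patched package is installed.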


Monday, July 1, 2024
