Larvitz :fedora: :redhat: on Nostr: Short summary of the #regreSSHion vulnerability (CVE-2024-6387) It's an ...
Short summary of the #regreSSHion vulnerability (CVE-2024-6387)
It's an unauthenticated remote code execution that works without user interaction. Therefore a rather high security risk for systems running #openssh.
Affected versions (AFAIK):
Any version older than 4.4p1 and 8.5p1 until 9.8. The first upstream version, containing a fix is 9.8p1. But since distributions often backport security fixes to older versions, a deeper look is necessary.
Short summary for bigger distributions:
Debian: Stable, testing and sid are affected. A patch for stable has been released. (https://security-tracker.debian.org/tracker/CVE-2024-6387)
Ubuntu: 22.04, 23.10 and 23.04 are affected. A patch for them has been released. (https://ubuntu.com/security/notices/USN-6859-1)
Red Hat: RHEL version 6-8 are not affected. RHEL9 is and by now, there isn't a patch available https://access.redhat.com/security/cve/CVE-2024-6387)
#linux #openssh #CVE-2024-6387 #RCE #security #distributions
It's an unauthenticated remote code execution that works without user interaction. Therefore a rather high security risk for systems running #openssh.
Affected versions (AFAIK):
Any version older than 4.4p1 and 8.5p1 until 9.8. The first upstream version, containing a fix is 9.8p1. But since distributions often backport security fixes to older versions, a deeper look is necessary.
Short summary for bigger distributions:
Debian: Stable, testing and sid are affected. A patch for stable has been released. (https://security-tracker.debian.org/tracker/CVE-2024-6387)
Ubuntu: 22.04, 23.10 and 23.04 are affected. A patch for them has been released. (https://ubuntu.com/security/notices/USN-6859-1)
Red Hat: RHEL version 6-8 are not affected. RHEL9 is and by now, there isn't a patch available https://access.redhat.com/security/cve/CVE-2024-6387)
#linux #openssh #CVE-2024-6387 #RCE #security #distributions