CVE/CVE-2024-6387

From Omnia
Revision as of 02:26, 4 July 2024 by Kenneth

OpenSSH vulnerability

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

https://www.cvedetails.com/cve/CVE-2024-6387/

---

https://ubuntu.com/security/CVE-2024-6387
Published: 1 July 2024
14 - trusty	Not vulnerable (introduced in v8.5p1)
16 - xenial	Not vulnerable (introduced in v8.5p1)
18 - bionic	Not vulnerable (introduced in v8.5p1)
20 - focal	Not vulnerable (introduced in v8.5p1)
22 - jammy	Released (1:8.9p1-3ubuntu0.10)
24 - noble	Released (1:9.6p1-3ubuntu13.3)

---

Notice:

https://ubuntu.com/security/notices/USN-6859-1

Update to:

Ubuntu 24.04
 openssh-client - 1:9.6p1-3ubuntu13.3
 openssh-server - 1:9.6p1-3ubuntu13.3
Ubuntu 23.10
 openssh-client - 1:9.3p1-1ubuntu3.6
 openssh-server - 1:9.3p1-1ubuntu3.6
Ubuntu 22.04
 openssh-client - 1:8.9p1-3ubuntu0.10
 openssh-server - 1:8.9p1-3ubuntu0.10