'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems - Upgoat

'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems
submitted by Dingo to Linux 10 monthsJul 1, 2024 11:51:31 ago (+14/-0) (www.computing.co.uk)
https://www.computing.co.uk/news/4329906/critical-vulnerability-openssh-uncovered-affects-linux-systems

More info here: https://redlib.catsarch.com/r/linux/comments/1dsvgli/critical_vulnerability_in_openssh_uncovered/

============Below is a comment with other links=============

Debian system on stable seem like they're not affected. I checked my open SSH version using sudo apt show openssh-server and looks like I'm running:

Package: openssh-server Version: 1:7.9p1-10+deb10u4

And the article listed states that this version isn't affected.

My Ubuntu machine is on version Version: 1:8.9p1-3ubuntu0.7 and looks like this version IS affected by this bug. I'm on the jammy release and they have released a new version that fixes this problem, so just a quick update should fix the issue.

Sources:

Ubuntu: https://ubuntu.com/security/CVE-2024-6387
RedHat: https://access.redhat.com/security/cve/CVE-2024-6387
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387

Dingo 0 points 10 months ago

This is very interesting information. I wonder what the precise nature was and the "urgent fix" they shoehorn into all the other updates.

Ubuntu 22.04 through current are affected.

Do you mean 22.04 and before or 22.04 and after?