Hi Neil, The following update in AlmaLinux 9 fixes the new security issue CVE-2024-6409:
openssh-8.7p1-38.el9_4.1.alma.1.x86_64 openssh-clients-8.7p1-38.el9_4.1.alma.1.x86_64 openssh-server-8.7p1-38.el9_4.1.alma.1.x86_64 * Mon Jul 08 2024 Andrew Lukoshko <[email protected]> - 8.7p1-38.1.alma.1 - Possible remote code execution in privsep child due to a race condition Resolves: CVE-2024-6409 Best regards, Pim Rupert Lemonbit 07/10/2024 10:55 - Neil Coils wrote: > Good Morning, > > We’ve just been made aware of a possible new OpenSSH Vulnerability > CVE-2024-6409 > > [1]https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html > > Can you please confirm if CVE-2024-6409 is covered by the update delivered for > CVE-2024-6387 (aka RegreSSHion) or are we looking at a new vulnerability that > will require a new update. > > If a new update is required are there any details or release dates available. > We are currently running OpenSSH_8.7p1 on AlmaLinux release 9.4 (Seafoam > Ocelot) > > Thanks for your help with this matter. > > Best Regards > Neil Coils > Pervade Software > Mob: [2]+44 7740451604 > Email: [3][email protected] > Web: [4]www.pervade-software.com > > This email contains proprietary and confidential information which may be > legally privileged, and is for the intended recipient only. The contents of > any telephone or face-to-face conversations relating to the same subject > matters referenced in this email should also be considered proprietary and > confidential. Access, disclosure, copying, distribution, or reliance on any of > it by anyone else is prohibited and may be a criminal offence. Please delete > if obtained in error and email confirmation to the sender. > > Pervade Software Ltd, Registered in England & Wales No: 07060728 of Temple > Court, 13a Cathedral Road, Cardiff, CF11 9HA. VAT No: 128 8405 03 Tel: 02920 > 647 632 Email: [5][email protected] [1] https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html [2] tel:+447740451604 [3] mailto:[email protected] [4] http://www.pervade-software.com [5] mailto:[email protected]
