Hi All,
That’s great news thanks for the very quick response.
I’ve checked this update using a minimal AlmaLinux 9.4 build and running yum update and it’s all good.
Thanks again.
Neil Coils
Pervade Software
Mob: +44 7740451604tel:+447740451604
Email: neil@pervade-software.commailto:neil@pervade-software.com
Web: www.pervade-software.comhttp://www.pervade-software.com/
This email contains proprietary and confidential information which may be legally privileged, and is for the intended recipient only. The contents of any telephone or face-to-face conversations relating to the same subject matters referenced in this email should also be considered proprietary and confidential. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and email confirmation to the sender.
Pervade Software Ltd, Registered in England & Wales No: 07060728 of Temple Court, 13a Cathedral Road, Cardiff, CF11 9HA. VAT No: 128 8405 03 Tel: 02920 647 632 Email: info@pervade-software.commailto:info@pervade-software.com
From: Lemonbit Announce
Date: Wednesday, 10 July 2024 at 11:01
To: Neil Coils
Cc: security@lists.almalinux.org
Subject: Re: [#1494011] [Security] OpenSSH Vulnerability CVE-2024-6409
Hi Neil,
The following update in AlmaLinux 9 fixes the new security issue CVE-2024-6409:
openssh-8.7p1-38.el9_4.1.alma.1.x86_64
openssh-clients-8.7p1-38.el9_4.1.alma.1.x86_64
openssh-server-8.7p1-38.el9_4.1.alma.1.x86_64
* Mon Jul 08 2024 Andrew Lukoshko - 8.7p1-38.1.alma.1
- Possible remote code execution in privsep child due to a race condition
Resolves: CVE-2024-6409
Best regards,
Pim Rupert
Lemonbit
07/10/2024 10:55 - Neil Coils wrote:
Good Morning,
We’ve just been made aware of a possible new OpenSSH Vulnerability CVE-2024-6409
https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html
Can you please confirm if CVE-2024-6409 is covered by the update delivered for CVE-2024-6387 (aka RegreSSHion) or are we looking at a new vulnerability that will require a new update.
If a new update is required are there any details or release dates available. We are currently running OpenSSH_8.7p1 on AlmaLinux release 9.4 (Seafoam Ocelot)
Thanks for your help with this matter.
Best Regards
Neil Coils
Pervade Software
Mob: +44 7740451604tel:+447740451604
Email: neil@pervade-software.commailto:neil@pervade-software.com
Web: www.pervade-software.comhttp://www.pervade-software.com
This email contains proprietary and confidential information which may be legally privileged, and is for the intended recipient only. The contents of any telephone or face-to-face conversations relating to the same subject matters referenced in this email should also be considered proprietary and confidential. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and email confirmation to the sender.
Pervade Software Ltd, Registered in England & Wales No: 07060728 of Temple Court, 13a Cathedral Road, Cardiff, CF11 9HA. VAT No: 128 8405 03 Tel: 02920 647 632 Email: info@pervade-software.commailto:info@pervade-software.com