[Security] Re: [#1494011] OpenSSH Vulnerability CVE-2024-6409

Hi All, That’s great news thanks for the very quick response. I’ve checked this update using a minimal AlmaLinux 9.4 build and running yum update and it’s all good. Thanks again. Neil Coils Pervade Software Mob: +44 7740451604tel:+447740451604 Email: neil@pervade-software.commailto:neil@pervade-software.com Web: www.pervade-software.comhttp://www.pervade-software.com/ This email contains proprietary and confidential information which may be legally privileged, and is for the intended recipient only. The contents of any telephone or face-to-face conversations relating to the same subject matters referenced in this email should also be considered proprietary and confidential. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and email confirmation to the sender. Pervade Software Ltd, Registered in England & Wales No: 07060728 of Temple Court, 13a Cathedral Road, Cardiff, CF11 9HA. VAT No: 128 8405 03 Tel: 02920 647 632 Email: info@pervade-software.commailto:info@pervade-software.com From: Lemonbit Announce Date: Wednesday, 10 July 2024 at 11:01 To: Neil Coils Cc: security@lists.almalinux.org Subject: Re: [#1494011] [Security] OpenSSH Vulnerability CVE-2024-6409 Hi Neil, The following update in AlmaLinux 9 fixes the new security issue CVE-2024-6409: openssh-8.7p1-38.el9_4.1.alma.1.x86_64 openssh-clients-8.7p1-38.el9_4.1.alma.1.x86_64 openssh-server-8.7p1-38.el9_4.1.alma.1.x86_64 * Mon Jul 08 2024 Andrew Lukoshko - 8.7p1-38.1.alma.1 - Possible remote code execution in privsep child due to a race condition Resolves: CVE-2024-6409 Best regards, Pim Rupert Lemonbit 07/10/2024 10:55 - Neil Coils wrote: Good Morning, We’ve just been made aware of a possible new OpenSSH Vulnerability CVE-2024-6409 https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html Can you please confirm if CVE-2024-6409 is covered by the update delivered for CVE-2024-6387 (aka RegreSSHion) or are we looking at a new vulnerability that will require a new update. If a new update is required are there any details or release dates available. We are currently running OpenSSH_8.7p1 on AlmaLinux release 9.4 (Seafoam Ocelot) Thanks for your help with this matter. Best Regards Neil Coils Pervade Software Mob: +44 7740451604tel:+447740451604 Email: neil@pervade-software.commailto:neil@pervade-software.com Web: www.pervade-software.comhttp://www.pervade-software.com This email contains proprietary and confidential information which may be legally privileged, and is for the intended recipient only. The contents of any telephone or face-to-face conversations relating to the same subject matters referenced in this email should also be considered proprietary and confidential. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and email confirmation to the sender. Pervade Software Ltd, Registered in England & Wales No: 07060728 of Temple Court, 13a Cathedral Road, Cardiff, CF11 9HA. VAT No: 128 8405 03 Tel: 02920 647 632 Email: info@pervade-software.commailto:info@pervade-software.com