Hi Neil,
The following update in AlmaLinux 9 fixes the new security issue
CVE-2024-6409:
openssh-8.7p1-38.el9_4.1.alma.1.x86_64
openssh-clients-8.7p1-38.el9_4.1.alma.1.x86_64
openssh-server-8.7p1-38.el9_4.1.alma.1.x86_64
* Mon Jul 08 2024 Andrew Lukoshko
We’ve just been made aware of a possible new OpenSSH Vulnerability CVE-2024-6409 [1]https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html Can you please confirm if CVE-2024-6409 is covered by the update delivered for CVE-2024-6387 (aka RegreSSHion) or are we looking at a new vulnerability that will require a new update. If a new update is required are there any details or release dates available. We are currently running OpenSSH_8.7p1 on AlmaLinux release 9.4 (Seafoam Ocelot) Thanks for your help with this matter. Best Regards Neil Coils Pervade Software Mob: [2]+44 7740451604 Email: [3]neil@pervade-software.com Web: [4]www.pervade-software.com This email contains proprietary and confidential information which may be legally privileged, and is for the intended recipient only. The contents of any telephone or face-to-face conversations relating to the same subject matters referenced in this email should also be considered proprietary and confidential. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and email confirmation to the sender. Pervade Software Ltd, Registered in England & Wales No: 07060728 of Temple Court, 13a Cathedral Road, Cardiff, CF11 9HA. VAT No: 128 8405 03 Tel: 02920 647 632 Email: [5]info@pervade-software.com
[1] https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html [2] tel:+447740451604 [3] mailto:neil@pervade-software.com [4] http://www.pervade-software.com [5] mailto:info@pervade-software.com