Hi Neil,

The following update in AlmaLinux 9 fixes the new security issue CVE-2024-6409:

openssh-8.7p1-38.el9_4.1.alma.1.x86_64
openssh-clients-8.7p1-38.el9_4.1.alma.1.x86_64
openssh-server-8.7p1-38.el9_4.1.alma.1.x86_64

* Mon Jul 08 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 8.7p1-38.1.alma.1
- Possible remote code execution in privsep child due to a race condition
  Resolves: CVE-2024-6409
 
Best regards,

Pim Rupert
Lemonbit

07/10/2024 10:55 - Neil Coils wrote:
Good Morning,
 
We’ve just been made aware of a possible new OpenSSH Vulnerability CVE-2024-6409
 
https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html
 
Can you please confirm if CVE-2024-6409 is covered by the update delivered for CVE-2024-6387 (aka RegreSSHion) or are we looking at a new vulnerability that will require a new update.
 
If a new update is required are there any details or release dates available. We are currently running OpenSSH_8.7p1 on AlmaLinux release 9.4 (Seafoam Ocelot)
 
Thanks for your help with this matter.
 
Best Regards
 
Neil Coils
Pervade Software
Mob:  +44 7740451604
Email: neil@pervade-software.com
Web:   www.pervade-software.com
 
This email contains proprietary and confidential information which may be legally privileged, and is for the intended recipient only. The contents of any telephone or face-to-face conversations relating to the same subject matters referenced in this email should also be considered proprietary and confidential. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and email confirmation to the sender.
 
Pervade Software Ltd, Registered in England & Wales No: 07060728 of Temple Court, 13a Cathedral Road, Cardiff, CF11 9HA.  VAT No: 128 8405 03 Tel: 02920 647 632 Email: info@pervade-software.com