Thank you very much Jonathan for your fast response and openssh update release. rgds Jimmy Cho On Tue, Jul 2, 2024 at 5:23 AM Jonathan Wright wrote:

I apologize for the error but the blog link was supposed to be https://almalinux.org/blog/2024-07-01-almalinux-9-cve-2024-6387/ _______________________________________________ Security mailing list -- security@lists.almalinux.org To unsubscribe send an email to security-leave@lists.almalinux.org

+1 From: Simon Dodd Date: Tuesday, July 2, 2024 at 5:36 AM To: Jonathan Wright , announce@lists.almalinux.org , security@lists.almalinux.org Subject: [Security] Re: AlmaLinux 9 OpenSSH "regreSSHion" CVE-2024-6387 Hi Jonathan, Thanks so much for your rapid response to this. Great work by you and your team! -- Kindest regards, Simon Dodd Customer Systems Engineer Pervade Software Tel: +44 1327 304 843 Email: simon@pervade-software.commailto:simon@pervade-software.com Web: www.pervade-software.comhttp://www.pervade-software.com/ This email contains proprietary and confidential information which may be legally privileged, and is for the intended recipient only. The contents of any telephone or face-to-face conversations relating to the same subject matters referenced in this email should also be considered proprietary and confidential. Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal offence. Please delete if obtained in error and email confirmation to the sender. Pervade Software Ltd, Registered in England & Wales No: 07060728 of Temple Court, 13a Cathedral Rd, Cardiff, UK, CF11 9HA. VAT No: 128 8405 03 Tel: 02920 647 632 Email: info@pervade-software.commailto:info@pervade-software.com From: Jonathan Wright Date: Monday, 1 July 2024 at 22:02 To: announce@lists.almalinux.org , security@lists.almalinux.org Subject: [Security] AlmaLinux 9 OpenSSH "regreSSHion" CVE-2024-6387 Hello, We have published updates for OpenSSH's "regreSSHion" vulnerability, CVE-2024-6387. Please see the blog post at https://f89ae520.almalinux-org.pages.dev/blog/2024-07-01-almalinux-9-cve-202... for more information. -- Jonathan Wright AlmaLinux Foundation Mattermost: chathttps://chat.almalinux.org/almalinux/messages/@jonathan

Our errata system was designed with being a RHEL clone in mind. As this is no longer the case we have to make some updates to have it support us making our own errata in addition to supporting RH's. This work isn't done yet, unfortunately. On Fri, Jul 5, 2024 at 4:52 AM Justin Schoeman wrote:

Thanks - that is an amazingly fast response to the issue.

The one problem though, is that there is still no errata for this update, so it is not being picked up by dnf-automatic. _______________________________________________ Security mailing list -- security@lists.almalinux.org To unsubscribe send an email to security-leave@lists.almalinux.org

-- Jonathan Wright AlmaLinux Foundation Mattermost: chat https://chat.almalinux.org/almalinux/messages/@jonathan