• Bug
    • Resolution: Duplicate
    • CentOS Stream 9, rhel-9.4
    • openssh
    • Critical
    • rhel-sst-security-crypto
    • ssg_security
    • Red Hat Enterprise Linux
    • All

      What were you trying to do that didn't work?

      I was trying to ensure that the latest OpenSSH from CentOS Stream 9 and RHEL 9.4 are not vulnerable to CVE-2024-6387 on my systems.

      Please provide the package NVR for which bug is seen:

      • openssh-8.7p1-41.el9
      • openssh-8.7p1-38.el9

      Expected results

      The packages would indicate that this is fixed and I no longer need to use the mitigation as described in the RHSA on the CVE.

      Actual results

      There is no fixed version available. Not in Fedora, not in CentOS, and not in RHEL.

      Additional information

      SUSE has released a fix to openSUSE Tumbleweed: https://code.opensuse.org/package/openssh/c/58da43198c5aa3b0e82ea5720f5f828e95765027

      Additionally, AlmaLinux has released a fix.

              dbelyavs@redhat.com Dmitry Belyavskiy
              ngompa13@gmail.com Neal Gompa
              Dmitry Belyavskiy
              Miluse Bezo Konecna