openssh: fix CVE-2024-6387
sshd(8) in Portable OpenSSH versions 8.5p1 to 9.7p1 (inclusive). Race condition resulting in potential remote code execution. A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD systems. This attack could be prevented by disabling the login grace timeout (LoginGraceTime=0 in sshd_config) though this makes denial-of service against sshd(8) considerably easier. For more information, please refer to the release notes [1] and the report from the Qualys Security Advisory Team [2] who discovered the bug. [1] https://www.openssh.com/txt/release-9.8 [2] https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt References: https://www.openssh.com/security.html Signed-off-by:Jose Quaresma <jose.quaresma@foundries.io> v2: include the missing cve tag: CVE: CVE-2024-6387 v3: add the Signed-off-by on the CVE-2024-6387.patch Signed-off-by:
Loading
Please register or sign in to comment