|
|
|
|
|
|
by chasil
712 days ago
|
|
|
I'm on Oracle Linux, and they appear to have already issued a patch for this problem: openssh-8.7p1-38.0.2.el9.x86_64.rpm
openssh-server-8.7p1-38.0.2.el9.x86_64.rpm
openssh-clients-8.7p1-38.0.2.el9.x86_64.rpm
The changelog addresses the CVE directly. It does not appear that adding the -e directive is necessary with this patch. $ rpm -q --changelog openssh-server | head -3
* Wed Jun 26 2024 Alex Burmashev <alexander.burmashev@oracle.com> - 8.7p1-38.0.2
- Restore dropped earlier ifdef condition for safe _exit(1) call in sshsigdie() [Orabug: 36783468]
Resolves CVE-2024-6387
|
|
|