RHSA-2024:4312

Description

Red Hat Security Advisory: openssh security update

CVSS Metrics

• v3.1•HIGH•Score: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•openssh

  < 0:8.7p1-38.el9_4.1 | < 0:8.7p1-38.el9_4.1

• redhat•openssh-askpass

  < 0:8.7p1-38.el9_4.1 | < 0:8.7p1-38.el9_4.1

• redhat•openssh-askpass-debuginfo

  < 0:8.7p1-38.el9_4.1 | < 0:8.7p1-38.el9_4.1

• redhat•openssh-clients

  < 0:8.7p1-38.el9_4.1 | < 0:8.7p1-38.el9_4.1

• redhat•openssh-clients-debuginfo

  < 0:8.7p1-38.el9_4.1 | < 0:8.7p1-38.el9_4.1

• redhat•openssh-debuginfo

  < 0:8.7p1-38.el9_4.1 | < 0:8.7p1-38.el9_4.1

• redhat•openssh-debugsource

  < 0:8.7p1-38.el9_4.1 | < 0:8.7p1-38.el9_4.1

• redhat•openssh-keycat

  < 0:8.7p1-38.el9_4.1 | < 0:8.7p1-38.el9_4.1

• redhat•openssh-keycat-debuginfo

  < 0:8.7p1-38.el9_4.1 | < 0:8.7p1-38.el9_4.1

• redhat•openssh-server

  < 0:8.7p1-38.el9_4.1 | < 0:8.7p1-38.el9_4.1

• redhat•openssh-server-debuginfo

  < 0:8.7p1-38.el9_4.1 | < 0:8.7p1-38.el9_4.1

• redhat•openssh-sk-dummy-debuginfo

  < 0:8.7p1-38.el9_4.1 | < 0:8.7p1-38.el9_4.1

• redhat•pam_ssh_agent_auth

  < 0:0.10.4-5.38.el9_4.1 | < 0:0.10.4-5.38.el9_4.1

• redhat•pam_ssh_agent_auth-debuginfo

  < 0:0.10.4-5.38.el9_4.1 | < 0:0.10.4-5.38.el9_4.1

References (10)

• https://access.redhat.com/errata/RHSA-2024:4312
• https://access.redhat.com/security/updates/classification/#important
• https://bugzilla.redhat.com/show_bug.cgi?id=2294604
• https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4312.json
• https://access.redhat.com/security/cve/CVE-2024-6387
• https://www.cve.org/CVERecord?id=CVE-2024-6387
• https://nvd.nist.gov/vuln/detail/CVE-2024-6387
• https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
• https://www.openssh.com/txt/release-9.8
• https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt