From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Update of openssh due to CVE CVE-2024-6387
Date: Mon, 01 Jul 2024 17:40:08 +0200
Message-ID: <f8d04d52-323c-4b55-9176-2fa2fa658990@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6931520814911085657=="
List-Id: <development.lists.ipfire.org>

--===============6931520814911085657==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi All,

Openssh has a CVE

https://community.ipfire.org/t/cve-2024-6387-openssh-regession/11806

I am building a package update for Openssh to 9.8p1 and will submit to go int=
o CU187.

I am not sure that it is super critical for IPFire as so far the exploit has =
only been demonstrated in 32 bit systems with the attacker having to try and =
make connections for 6 to 8 hours.

On 64 bit systems they expect it will take longer but so far the exploit has =
not yet been demonstrated.


Regards,

Adolf.


--===============6931520814911085657==--