Support Content Notification - Support Portal

USN-6859-1: OpenSSH vulnerability

Product/Component

Notification Id

24763

Last Updated

22 August 2024

Initial Publication Date

22 August 2024

Status

CLOSED

Severity

HIGH

CVSS Base Score

WorkAround

Affected CVE

CVE-2024-6387

Severity

high

Vendor

VMware Tanzu

Versions Affected

Canonical Ubuntu 22.04
Cflinuxfs4
Operations Manager Image 3.0.x

It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials. Update Instructions: Run `sudo pro fix USN-6859-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:8.9p1-3ubuntu0.10 openssh-server - 1:8.9p1-3ubuntu0.10 openssh-sftp-server - 1:8.9p1-3ubuntu0.10 openssh-tests - 1:8.9p1-3ubuntu0.10 ssh - 1:8.9p1-3ubuntu0.10 ssh-askpass-gnome - 1:8.9p1-3ubuntu0.10 No subscription required.

Fixed VMware Products and Versions

Cflinuxfs4

1.99.0 or greater

Jammy Stemcells

1.486 or greater

References

https://ubuntu.com/security/notices/USN-6859-1

https://www.cloudfoundry.org/blog/usn-6859-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6859-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24763

History

2024-07-01: Initial vulnerability report published.