USN-6859-1: OpenSSH vulnerability
24763
22 August 2024
22 August 2024
CLOSED
HIGH
CVE-2024-6387
Severity
high
Vendor
VMware Tanzu
Versions Affected
- Canonical Ubuntu 22.04
- Cflinuxfs4
- Operations Manager Image 3.0.x
It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials. Update Instructions: Run `sudo pro fix USN-6859-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:8.9p1-3ubuntu0.10 openssh-server - 1:8.9p1-3ubuntu0.10 openssh-sftp-server - 1:8.9p1-3ubuntu0.10 openssh-tests - 1:8.9p1-3ubuntu0.10 ssh - 1:8.9p1-3ubuntu0.10 ssh-askpass-gnome - 1:8.9p1-3ubuntu0.10 No subscription required.
Fixed VMware Products and Versions
- Cflinuxfs4
- 1.99.0 or greater
- Jammy Stemcells
- 1.486 or greater
References
https://ubuntu.com/security/notices/USN-6859-1
https://www.cloudfoundry.org/blog/usn-6859-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6859-1
History
2024-07-01: Initial vulnerability report published.