Critical vulnerability in OpenSSH (CVE-2024-6387)

Dear Hmara.io users,

A race condition vulnerability, CVE-2024-6387, has been discovered in the OpenSSH server component (sshd). It can lead to remote code execution with root privileges on glibc-based Linux systems. The vulnerability affects OpenSSH versions 8.5p1 through 9.7p1, as well as some older versions.

To protect yourself, you should urgently upgrade OpenSSH to version 9.8p1 or higher. If you cannot upgrade, you should set the LoginGraceTime parameter to 0 in the sshd configuration file.

Commands to upgrade OpenSSH on RedHat (including CentOS and Fedora):

yum update openssh -y && systemctl restart sshd

For Debian, Ubuntu:

apt update && apt install openssh-server -y && systemctl restart ssh
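
To confirm the result after upgrading or applying the workaround, here is a small triage helper, added as an example (it is not Hmara.io's or the OpenSSH project's code). It classifies a version banner against the 8.5p1 through 9.7p1 range and tests `sshd -T` output for LoginGraceTime 0; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helper for CVE-2024-6387 (POSIX sh, runs offline).

# Extract "MAJOR MINOR" from a banner or version string such as
# "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13"; prints nothing if not OpenSSH.
parse_openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# Classify against the range named in the advisory (8.5p1 through 9.7p1).
# "in-range" is a prompt to check the distro package, not proof of exposure:
# distributions backport fixes without changing the upstream version number.
classify_openssh() {
    v=$(parse_openssh_version "$1")
    [ -n "$v" ] || { echo unknown; return 0; }
    n=$(( ${v% *} * 100 + ${v#* } ))
    if   [ "$n" -ge 908 ]; then echo fixed-upstream
    elif [ "$n" -ge 805 ]; then echo in-range
    else echo older-check-vendor     # advisory: "some older versions" too
    fi
}

# Reads the effective configuration (output of `sshd -T`) on stdin and
# succeeds only if LoginGraceTime is 0, i.e. the workaround is active.
# Note: 0 means no time limit, so unauthenticated connections can hold
# MaxStartups slots indefinitely; treat it as a stopgap until the upgrade.
grace_time_disabled() {
    awk 'tolower($1) == "logingracetime" { v = $2 } END { exit !(v == "0") }'
}

# Constructed sample inputs (not captured from real hosts).
for banner in 'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13' \
              'SSH-2.0-OpenSSH_9.8' 'SSH-2.0-OpenSSH_7.4'; do
    printf '%-42s %s\n' "$banner" "$(classify_openssh "$banner")"
done
if printf 'port 22\nlogingracetime 0\n' | grace_time_disabled; then
    echo 'LoginGraceTime workaround: active'
fi
```

On a server, run `sshd -T | grace_time_disabled` as root to test the effective configuration.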

If you have any difficulties, please contact support and we can help you update sshd on the server.