update: net-misc/openssh #1487
github-project-automation (bot) moved this to 📝 Needs Triage in Flatcar tactical, release planning, and roadmap on Jul 1, 2024
tormath1 moved this from 📝 Needs Triage to ⚒️ In Progress in Flatcar tactical, release planning, and roadmap on Jul 1, 2024
Release Tracking issue for the release: #1488
tormath1 moved this from ⚒️ In Progress to Implemented in Flatcar tactical, release planning, and roadmap on Jul 2, 2024
I kept this open for visibility purposes - now we can close it.
Name: net-misc/openssh
CVEs: CVE-2024-6387
CVSSs: 8.1
Action Needed: Upgrade OpenSSH with correct patch.
Summary: We discovered a vulnerability (a signal handler race condition) in
OpenSSH's server (sshd): if a client does not authenticate within
LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions),
then sshd's SIGALRM handler is called asynchronously, but this signal
handler calls various functions that are not async-signal-safe (for
example, syslog()). This race condition affects sshd in its default
configuration.
refmap.gentoo: https://bugs.gentoo.org/935271
EDIT: 🟢 Flatcar is now safe against this vulnerability from: Alpha 4012.0.1, Beta 3975.1.1, Stable 3815.2.5 and LTS 3510.3.5
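
The summary's point about the SIGALRM handler, as an added C illustration that is not part of the issue and is neither OpenSSH's code nor its patch: a grace-time alarm whose handler only sets a flag, with logging deferred to normal context. The names `grace_expired`, `on_alarm` and `wait_for_grace_timeout` are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <string.h>
#include <sys/time.h>
#include <syslog.h>

/* Hypothetical names throughout; this is not OpenSSH code. */
static volatile sig_atomic_t grace_expired;

/* Unsafe shape, as described in the summary: the handler itself logs.
 * syslog() is not async-signal-safe, so a SIGALRM that interrupts the
 * main flow at the wrong moment leaves shared state inconsistent:
 *   static void on_alarm(int sig) { syslog(LOG_INFO, "timeout"); }
 * Safe shape: the handler only records that the alarm fired. */
static void on_alarm(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Arm a grace timer of grace_ms milliseconds and wait for it to expire.
 * Returns 1 once the deadline has fired, -1 on bad input or setup error. */
int wait_for_grace_timeout(long grace_ms)
{
    struct sigaction sa;
    struct itimerval tv;
    sigset_t block, old, waitmask;

    if (grace_ms <= 0) return -1;    /* a zero itimer would never fire */
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0) return -1;
    /* Block SIGALRM so the flag test and the sleep cannot race. */
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    sigprocmask(SIG_BLOCK, &block, &old);
    waitmask = old;
    sigdelset(&waitmask, SIGALRM);
    grace_expired = 0;
    memset(&tv, 0, sizeof tv);
    tv.it_value.tv_sec = grace_ms / 1000;
    tv.it_value.tv_usec = (grace_ms % 1000) * 1000;
    if (setitimer(ITIMER_REAL, &tv, NULL) == 0)
        while (!grace_expired)
            sigsuspend(&waitmask);   /* atomically unblock and sleep */
    sigprocmask(SIG_SETMASK, &old, NULL);
    if (!grace_expired) return -1;
    syslog(LOG_INFO, "grace time expired");  /* normal context: safe */
    return 1;
}
```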