stable

openssh-9.6p1-1.fc40.4

FEDORA-2024-dc89a2e1bf created by dbelyavs 3 months ago for Fedora 40

Backport fix for CVE-2024-6387 (#2294879)
Backport fix for ObscureKeystrokeTiming logic error from OpenSSH 9.8

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-dc89a2e1bf

This update has been submitted for testing by dbelyavs.

3 months ago

This update's test gating status has been changed to 'waiting'.

3 months ago
asosedkin provided feedback 3 months ago
BZ#2294904 CVE-2024-6387 openssh: Possible remote code execution due to a race condition in signal handling [fedora-40]
markec commented & provided feedback 3 months ago

Thanks! Is f40.4 the expected package name here?

imsedgar commented & provided feedback 3 months ago

Works without problems. I also wonder about the release numbering. I would have expected 5.fc40 instead of 1.fc40.4. It seems to me that only openssh uses this numbering schema.

This update's test gating status has been changed to 'passed'.

3 months ago
markec provided feedback 3 months ago

This update has been submitted for stable by bodhi.

3 months ago
clang commented & provided feedback 3 months ago

The numbering scheme is fine and supported. Increasing the number after the %{dist} tag ensures a clean upgrade path from 1.fc40 to 1.fc41. This wasn't necessary here, since we will likely not ship 9.6p1-1.fc41 in F41, but I don't think this warrants another rebuild for this important fix.

rathann commented & provided feedback 3 months ago

Works fine here on a QEMU-based VM and a physical machine.

Test Case OpenSSH
imabug provided feedback 3 months ago
neil provided feedback 3 months ago
aranc23 commented & provided feedback 3 months ago

Lightly tested on a VM, seems perfectly fine. I can't test the bugs this release fixes...

Test Case OpenSSH
rgessner provided feedback 3 months ago
BZ#2294904 CVE-2024-6387 openssh: Possible remote code execution due to a race condition in signal handling [fedora-40]
Test Case OpenSSH

This update has been pushed to stable.

3 months ago

Metadata
Type: security
Severity: high
Karma: 9
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days
Dates
submitted: 3 months ago
in stable: 3 months ago
approved: 3 months ago
BZ#2294904 CVE-2024-6387 openssh: Possible remote code execution due to a race condition in signal handling [fedora-40]

Test Cases

Test Case OpenSSH