Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

CVE-2024-6387 openssh RCE vulnerability

Description

CVE-2024-6387 openssh RCE vulnerability was reported July 1, 2024.
See https://nvd.nist.gov/vuln/detail/CVE-2024-6387
Technical discussion with high detail and analysis: https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

SCALE and CORE are both affected.
SCALE fix: https://security-tracker.debian.org/tracker/CVE-2024-6387 1:9.2p1-2+deb12u3

CORE fix: https://security.freebsd.org/advisories/FreeBSD-SA-24:04.openssh.asc

Problem/Justification

None

Impact

None

Activity

Show:

Bug Clerk July 2, 2024 at 5:31 PM

This issue has now been closed. Comments made after this point may not be viewed by the TrueNAS Teams. Please open a new issue if you have found a problem or need to re-engage with the TrueNAS Engineering Teams.

Bug Clerk July 2, 2024 at 5:25 PM
Edited

13.3 PR: https://github.com/truenas/ports/pull/1342

updates security/openssh-portable

DISTVERSION= 9.7p1 PORTREVISION= 2 PORTEPOCH= 1


Can be validated via `pkg info openssh-portable`

Name : openssh-portable Version : 9.7.p1_2,1

Older version is 9.6p1_1,1

Bug Clerk July 2, 2024 at 1:57 PM
Edited

13.0 PR: https://github.com/truenas/ports/pull/1341

updates security/openssh-portable

DISTVERSION = 8.8p1 PORTREVISION = 2

This can be validated through pkg info openssh-portable

Name : openssh-portable Version : 8.8.p1_2,1

Older version is 8.8.p1_1,1

Andrew Walker July 2, 2024 at 1:12 PM

Ports fixes pending.

Bug Clerk July 2, 2024 at 11:29 AM

Complete
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Labels

Impact

Critical

Components

Fix versions

Affects versions

Priority

More fields

Katalon Platform

Created July 1, 2024 at 1:49 PM
Updated August 22, 2024 at 1:06 PM
Resolved July 2, 2024 at 5:31 PM