vmware / photon

Minimal Linux container host
https://vmware.github.io/photon

Confirm security fix for CVE-2024-6387 #1560

Closed tracylv closed 2 months ago

tracylv commented 3 months ago

Describe the bug

Confirm security fix for CVE-2024-6387. I didn't find a maintainers' email address, so I filed this ticket instead. Please help forward it to the right team. Thanks!

Reproduction steps

For the recent vulnerability CVE-2024-6387, according to the Photon OS Security Update, it is fixed in both 5.0 and 4.0 with a package update, per my understanding.

Expected behavior

Take Photon 5 for example: below is the openssh version from our product, which consumes Photon OS. We want to double-confirm whether this version (9.3p2-9.ph5) includes the remediation for CVE-2024-6387 or not.

Additional context

No response

akaher commented 3 months ago

openssh-9.3p2-9.ph5.x86_64.rpm includes the fix for CVE-2024-6387.

tracylv commented 3 months ago

Thanks @akaher!