Security information about OpenSSH

Posted at Tuesday, July 02, 2024

OpenSSH contains a vulnerability that may allow arbitrary code to be executed with root privileges. An update to fix the vulnerability has been released, so please apply the update immediately. If you are unable to apply the update, please take immediate action such as restricting access and applying mitigating measures.

At this time, it has been proven that the attack is successful in a 32-bit Linux/glibc environment. It has not been proven in a 64-bit environment, but it seems theoretically possible.

https://www.openssh.com/txt/release-9.8
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server