• infeeeee@lemm.ee
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    5 months ago

    The CVE-2024-6409 vulnerability affects only the sshd server shipped in RHEL 9, while the upstream versions of sshd are not impacted.

    Yes, only RHEL based releases affected (source):

    Specifically, openssh-7.6p1-audit.patch found in Red Hat’s package of OpenSSH adds code to cleanup_exit() that exposes the issue. Relevantly, this patch is found in RHEL 9 (and its rebuild/downstream distributions), where the package is based on OpenSSH 8.7p1.

    Debian oldstable is safe from this as well