Vulnerability in OpenSSH. CVE-2024-6387

A new security issue in OpenSSH (sshd) was reported on July 1, 2024. The vulnerability has been named "regresshion" or CVE-2024-6387. An attacker can obtain remote root access on Linux systems with OpenSSH. It's worth noting that it can take several hours to break in.

You are advised to update OpenSSH on your servers, regardless of whether they are virtual or dedicated.

Security Notices:

• Debian
• Ubuntu
• RedHat
• AlmaLinux

Instructions on how to update the SSH service are listed below.

For Debian / Ubuntu:
apt update
apt install --only-upgrade openssh-server openssh-clientThese commands will update the OpenSSH service and OpenSSH client. Note that the configuration file sshd_config may be overwritten.

For RedHat (AlmaLinux, CentOS, Fedora and Rocky Linux):
yum update openssh-server openssh-clients
The above commands only update OpenSSH packages. But we always recommend to update the whole system. For security reasons, the OS should always be up-to-date.
If you do not understand the commands or are afraid of doing something wrong, feel free to contact our support. We will be happy to help you.