Warning: The instructions mentioned in this post are no longer necessary. The “regreSSHion” vulnerability in Rocky Linux’s OpenSSH package is addressed in the default repositories. Please read the SIG/Security Wiki, consider your needs, and plan accordingly before using the SIG/Security repository.
I am trying to address CVE-2024-6387 on my Linux server. It’s running the following version.
Virtualization: vmware
Operating System: Rocky Linux 9.4 (Blue Onyx)
CPE OS Name: cpe:/o:rocky:rocky:9::baseos
Kernel: Linux 5.14.0-427.24.1.el9_4.x86_64
When it comes to addressing CVE-2024-6387, I am a bit lost as to what the best approach to take is.
The following OpenSSH version is installed:
openssh-8.7p1-38.el9.x86_64
As mentioned here, is running the following commands the best approach to take?
- Install the SIG/Security release file
dnf install rocky-release-security
- Disable SIG/Security security-common repo
dnf config-manager --disable security-common
- Upgrade openssh
dnf --enablerepo=security-common update openssh\*
- Confirm version openssh-8.7p1-38.el9_4.security.0.5 is installed
rpm -q openssh
Or should I update OpenSSH using the following command to address this CVE? I believe this will update OpenSSH to the latest version in the repository, which is 8.7p1-38.el9_4.4
dnf update openssh\*
Please help, as I am not used to Linux a lot.
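Whichever update path from the post above is used, the RPM changelog is a way to confirm that the installed build actually carries the backported fix, since the upstream version string (8.7p1) does not change. The script below is an added example, not part of the original post; the function names and the sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm a backported CVE fix
# by searching a package's RPM changelog for the CVE ID.

# Constructed sample changelog in "rpm -q --changelog" layout (not real data).
SAMPLE_CHANGELOG='* Mon Jul 01 2024 Example Packager <packager@example.org> - 0.0-2
- Backport fix for CVE-2024-6387

* Mon Jan 01 2024 Example Packager <packager@example.org> - 0.0-1
- Initial build'

# Read changelog text on stdin; print the header of the newest entry
# (rpm lists newest first) whose body mentions the CVE ID in $1.
# Prints nothing when no entry mentions it.
fixing_entry() {
    awk -v cve="$1" '
        /^\* / { header = $0 }
        found == "" && header != "" && index(toupper($0), toupper(cve)) {
            found = header
        }
        END { if (found != "") print found }
    '
}

# Query the installed package $1 and report whether its changelog lists $2.
# Returns 0 if listed, 1 if not, 2 if the package is not installed.
check_pkg() {
    log="$(rpm -q --changelog "$1")" || return 2
    entry="$(printf '%s\n' "$log" | fixing_entry "$2")"
    if [ -n "$entry" ]; then
        echo "$(rpm -q "$1"): $2 listed in changelog entry: $entry"
    else
        echo "$(rpm -q "$1"): no changelog entry mentions $2"
        return 1
    fi
}

# Run against the live system only when asked: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_pkg openssh CVE-2024-6387
fi
```

After a successful update, `rpm -q openssh-server` should report the same build as `rpm -q openssh`, because the fix only takes effect in the server package that provides sshd.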