OESA-2024-1872
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1872
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-1872.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2024-1872
- Upstream
- Published
- 2024-07-19T11:08:34Z
- Modified
- 2025-09-03T06:20:43.742052Z
- Summary
- openssh security update
- Details
-
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \ capabilities, several authentication methods, and sophisticated configuration options.
Security Fix(es):
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.(CVE-2024-6409)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:22.03-LTS-SP4 / openssh
Package
- Name
- openssh
- Purl
- pkg:rpm/openEuler/openssh&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.8p1-32.oe2203sp4
Ecosystem specific
{
"x86_64": [
"openssh-8.8p1-32.oe2203sp4.x86_64.rpm",
"openssh-askpass-8.8p1-32.oe2203sp4.x86_64.rpm",
"openssh-clients-8.8p1-32.oe2203sp4.x86_64.rpm",
"openssh-debuginfo-8.8p1-32.oe2203sp4.x86_64.rpm",
"openssh-debugsource-8.8p1-32.oe2203sp4.x86_64.rpm",
"openssh-keycat-8.8p1-32.oe2203sp4.x86_64.rpm",
"openssh-server-8.8p1-32.oe2203sp4.x86_64.rpm",
"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.x86_64.rpm"
],
"aarch64": [
"openssh-8.8p1-32.oe2203sp4.aarch64.rpm",
"openssh-askpass-8.8p1-32.oe2203sp4.aarch64.rpm",
"openssh-clients-8.8p1-32.oe2203sp4.aarch64.rpm",
"openssh-debuginfo-8.8p1-32.oe2203sp4.aarch64.rpm",
"openssh-debugsource-8.8p1-32.oe2203sp4.aarch64.rpm",
"openssh-keycat-8.8p1-32.oe2203sp4.aarch64.rpm",
"openssh-server-8.8p1-32.oe2203sp4.aarch64.rpm",
"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.aarch64.rpm"
],
"noarch": [
"openssh-help-8.8p1-32.oe2203sp4.noarch.rpm"
],
"src": [
"openssh-8.8p1-32.oe2203sp4.src.rpm"
]
}