OpenSSH Vulnerability regreSShion CVE-2024-6387 - Ubuntu 22.04 Patched

  • Wednesday, 3rd July, 2024
  • 15:23pm

Dear Valued Clients,

On July 1st, 2024, a vulnerability in OpenSSH known as regreSShion was published and given the identifier CVE-2024-6387. This affects EL9 servers, and the official definition published by the CVE Board is the following:

Title: Openssh: possible remote code execution due to a race condition in signal handling

Description

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().

Workaround

The CVE-2024-6387 vulnerability only affects EL9-based and newer Ubuntu operating systems. We therefore urge VPS users on Ubuntu 22.04 to update their operating system by running the following commands and then rebooting the server.

sudo apt-get update
sudo apt-get upgrade

For more info: https://ubuntu.com/security/notices/USN-6859-1
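As an added example (not part of this notice), the following POSIX shell script checks whether the openssh-server package installed on an Ubuntu 22.04 VPS is already at or above the version fixed in USN-6859-1, so an administrator can confirm the update above actually landed. FIXED_VERSION is a placeholder to be filled in from the USN page; the package names and dpkg calls are standard Ubuntu tooling.

```sh
#!/bin/sh
# Added example (not from the notice): report whether openssh-server on an
# Ubuntu 22.04 host is at or above the version that USN-6859-1 shipped, and
# whether "apt-get update && apt-get upgrade" plus a reboot is still due.
# FIXED_VERSION is a placeholder: copy the 22.04 version string from the USN page.
FIXED_VERSION="${FIXED_VERSION:-}"

# version_ge A B: exit 0 when Debian package version A >= B.
# Uses dpkg's own comparison when present, else GNU "sort -V" as a fallback.
version_ge() {
  if command -v dpkg >/dev/null 2>&1; then
    dpkg --compare-versions "$1" ge "$2"
  else
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
  fi
}

# installed_version: the installed openssh-server version, or empty if absent.
installed_version() {
  dpkg-query -W -f='${Version}' openssh-server 2>/dev/null || true
}

# check_sshd INSTALLED FIXED: returns 0 = patched, 1 = update needed, 2 = not installed.
check_sshd() {
  installed="$1"; fixed="$2"
  if [ -z "$installed" ]; then
    echo "openssh-server is not installed on this host"; return 2
  fi
  if version_ge "$installed" "$fixed"; then
    echo "patched: $installed >= $fixed"; return 0
  fi
  echo "UPDATE NEEDED: $installed < $fixed (apt-get update && apt-get upgrade, then reboot)"
  return 1
}

# Live check only when invoked as: FIXED_VERSION=<version from USN> sh check.sh --run
if [ "${1:-}" = "--run" ]; then
  [ -n "$FIXED_VERSION" ] || { echo "set FIXED_VERSION from USN-6859-1" >&2; exit 2; }
  check_sshd "$(installed_version)" "$FIXED_VERSION"
fi
```

The package upgrade restarts sshd on its own, but the reboot the notice asks for also clears any long-running sessions still served by the old binary.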

Thank you,

Web.com.ph Team
