Versions Compared

Old Version 2

changes.mady.by.user Mike Grant

Saved on

compared with

New Version Current

changes.mady.by.user Xavier Abellan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added 12 July deadline for enforcement of updates

...

Operating SystemAffectedAction Required
Ubuntu 22.04Yes

Although the update should have been applied automatically, make sure your system is completely up to date with:

No Format
sudo apt update && sudo apt upgrade

You may check the version of OpenSSH with:

No Format
$ dpkg -l openssh-server
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version             Architecture Description
+++-==============-===================-============-=================================================================
ii  openssh-server 1:8.9p1-3ubuntu0.10 amd64        secure shell (SSH) server, for secure access from remote machines

It must be 8.9p1-3ubuntu0.10 or above.

Rocky 9.XYesNo patched version has been released. Follow the instructions on 
Note
titleUPDATED 2024-07-04: Patch available

A patched OpenSSH has been released in the official repositories. If you have already applied any mitigation, it is recommended you revert it after updating. See 

https://rockylinux.org/news/2024-07-01-rocky-linux-9-cve-2024-6378-regression for

mitigation strategies

more information

Ensure your system is completely up to date with:
No Format
sudo dnf upgrade

You may check the version of OpenSSH with:

No Format
$ rpm -q openssh-server
openssh-server-8.7p1-38.el9_4.1.x86_64

It must be openssh-server-8.7p1-38.el9_4.1.x86_64 or above.

Rocky 8.XNoNone
Centos 7.xNoNone for this issue, though Centos 7 is end of life and should be cautiously replaced soon.
Ubuntu 18 LTSNoNone for this issue, though Ubuntu 18 LTS is end of life and should be cautiously replaced soon.
Ubuntu 20 LTSNoNone for this issue.


Warning

Following our Terms and Conditions for the Use of European Weather Cloud Pilot Service, any vulnerable instances remaining beyond Friday 12 July 2024 may be isolated and become unaccessible for security reasons. Please ensure yours are up-to-date before then.

Further info: