A new critical security vulnerability CVE-2024-6387, code-named as regreSSHion has been discovered affecting many Linux systems, including many in the European Weather Cloud.  This vulnerability may allow unauthenticated remote code execution in OpenSSH’s server with full root access.

It is very important you check whether your instances in the European Weather Cloud are affected and if so take any remedial actions required:

Operating SystemAffectedAction Required
Ubuntu 22.04Yes

Although the update should have been applied automatically, make sure your system is completely up to date with:

sudo apt update && sudo apt upgrade

You may check the version of OpenSSH with:

$ dpkg -l openssh-server
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version             Architecture Description
+++-==============-===================-============-=================================================================
ii  openssh-server 1:8.9p1-3ubuntu0.10 amd64        secure shell (SSH) server, for secure access from remote machines

It must be 8.9p1-3ubuntu0.10 or above.

Rocky 9.XYes

UPDATED 2024-07-04: Patch available

A patched OpenSSH has been released in the official repositories. If you have already applied any mitigation, it is recommended you revert it after updating. See 

https://rockylinux.org/news/2024-07-01-rocky-linux-9-cve-2024-6378-regression for more information

Ensure your system is completely up to date with:
sudo dnf upgrade

You may check the version of OpenSSH with:

$ rpm -q openssh-server
openssh-server-8.7p1-38.el9_4.1.x86_64

It must be openssh-server-8.7p1-38.el9_4.1.x86_64 or above.

Rocky 8.XNoNone
Centos 7.xNoNone for this issue, though Centos 7 is end of life and should be cautiously replaced soon.
Ubuntu 18 LTSNoNone for this issue, though Ubuntu 18 LTS is end of life and should be cautiously replaced soon.
Ubuntu 20 LTSNoNone for this issue.


Following our Terms and Conditions for the Use of European Weather Cloud Pilot Service, any vulnerable instances remaining beyond Friday 12 July 2024 may be isolated and become unaccessible for security reasons. Please ensure yours are up-to-date before then.

Further info:

  • No labels