A new critical security vulnerability CVE-2024-6387, code-named as regreSSHion has been discovered affecting many Linux systems, including many in the European Weather Cloud. This vulnerability may allow unauthenticated remote code execution in OpenSSH’s server with full root access.
It is very important you check whether your instances in the European Weather Cloud are affected and if so take any remedial actions required:
| Operating System | Affected | Action Required |
|---|---|---|
| Ubuntu 22.04 | Yes | Although the update should have been applied automatically, make sure your system is completely up to date with: sudo apt update && sudo apt upgrade You may check the version of OpenSSH with: $ dpkg -l openssh-server Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-==============-===================-============-================================================================= ii openssh-server 1:8.9p1-3ubuntu0.10 amd64 secure shell (SSH) server, for secure access from remote machines It must be 8.9p1-3ubuntu0.10 or above. |
| Rocky 9.X | Yes | UPDATED 2024-07-04: Patch available A patched OpenSSH has been released in the official repositories. If you have already applied any mitigation, it is recommended you revert it after updating. See https://rockylinux.org/news/2024-07-01-rocky-linux-9-cve-2024-6378-regression for more information sudo dnf upgrade You may check the version of OpenSSH with: $ rpm -q openssh-server openssh-server-8.7p1-38.el9_4.1.x86_64 It must be openssh-server-8.7p1-38.el9_4.1.x86_64 or above. |
| Rocky 8.X | No | None |
| Centos 7.x | No | None for this issue, though Centos 7 is end of life and should be cautiously replaced soon. |
| Ubuntu 18 LTS | No | None for this issue, though Ubuntu 18 LTS is end of life and should be cautiously replaced soon. |
| Ubuntu 20 LTS | No | None for this issue. |
Following our Terms and Conditions for the Use of European Weather Cloud Pilot Service, any vulnerable instances remaining beyond Friday 12 July 2024 may be isolated and become unaccessible for security reasons. Please ensure yours are up-to-date before then.
Further info: