AlmaLinux 9 users, take note. A new vulnerability in OpenSSH's server (sshd) has been identified, affecting glibc-based Linux systems. This issue, similar to last week’s CVE-2024-6387, impacts glibc-based Linux systems. The new vulnerability, identified as CVE-2024-6409, involves a signal handler race condition. This flaw could expose your system to potential security risks.
Patching OpenSSH CVE-2024-6409 Vulnerability in AlmaLinux 9
At AlmaLinux, security is a top priority. The AlmaLinux Enterprise Linux Steering Committee (ALESCo) made the decision to build and release an update quickly, without waiting for updates from CentOS Stream or RHEL.
The OpenSSH patch for CVE-2024-6409 has been released and is available for AlmaLinux OS 9 users.
To protect your AlmaLinux systems from OpenSSH CVE-2024-6409 vulnerability, simply update your existing OpenSSH package using the following command:
sudo dnf --refresh upgrade openssh
After the update, verify that you have the correct version installed:
rpm -q openssh
Look for the version number openssh-8.7p1-38.el9_4.1.alma.1. This version includes the necessary security fixes.
By updating your OpenSSH package, you ensure your system is protected against the newly discovered vulnerability.
Remember, system security is an ongoing process. Regularly check for and apply updates to keep your AlmaLinux OS 9 installation protected against the latest known vulnerabilities.
Resource:
