Ubuntu
openssh package

June 2024 security issue

Bug #2070497 reported by Marc Deslauriers
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Status tracked in Oracular
Jammy
Fix Released
Undecided
Marc Deslauriers
Mantic
Fix Released
Undecided
Marc Deslauriers
Noble
Fix Released
Undecided
Marc Deslauriers
Oracular
Fix Released
Undecided
Marc Deslauriers

Bug Description

June 2024 security issue bug.

CVE References

Marc Deslauriers (mdeslaur)
Changed in openssh (Ubuntu Focal):
status: New → In Progress
Changed in openssh (Ubuntu Jammy):
status: New → In Progress
Changed in openssh (Ubuntu Focal):
status: In Progress → Invalid
Changed in openssh (Ubuntu Mantic):
status: New → In Progress
Changed in openssh (Ubuntu Noble):
status: New → In Progress
Changed in openssh (Ubuntu Oracular):
status: New → In Progress
Changed in openssh (Ubuntu Jammy):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssh (Ubuntu Mantic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssh (Ubuntu Noble):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssh (Ubuntu Oracular):
assignee: nobody → Marc Deslauriers (mdeslaur)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:9.6p1-3ubuntu13.3

---------------
openssh (1:9.6p1-3ubuntu13.3) noble-security; urgency=medium

  * SECURITY UPDATE: remote code execution via signal handler race
    condition (LP: #2070497)
    - debian/patches/CVE-2024-6387.patch: don't log in sshsigdie() in log.c.
    - CVE-2024-6387

 -- Marc Deslauriers <email address hidden> Wed, 26 Jun 2024 09:07:08 -0400

Changed in openssh (Ubuntu Noble):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:8.9p1-3ubuntu0.10

---------------
openssh (1:8.9p1-3ubuntu0.10) jammy-security; urgency=medium

  * SECURITY UPDATE: remote code execution via signal handler race
    condition (LP: #2070497)
    - debian/patches/CVE-2024-6387.patch: don't log in sshsigdie() in log.c.
    - CVE-2024-6387

 -- Marc Deslauriers <email address hidden> Wed, 26 Jun 2024 09:11:55 -0400

Changed in openssh (Ubuntu Jammy):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:9.3p1-1ubuntu3.6

---------------
openssh (1:9.3p1-1ubuntu3.6) mantic-security; urgency=medium

  * SECURITY UPDATE: remote code execution via signal handler race
    condition (LP: #2070497)
    - debian/patches/CVE-2024-6387.patch: don't log in sshsigdie() in log.c.
    - CVE-2024-6387

 -- Marc Deslauriers <email address hidden> Wed, 26 Jun 2024 09:11:02 -0400

Changed in openssh (Ubuntu Mantic):
status: In Progress → Fix Released
Marc Deslauriers (mdeslaur)
information type: Private Security → Public Security
Changed in openssh (Ubuntu Oracular):
status: In Progress → Fix Released
Mathew Hodson (mhodson)
no longer affects: openssh (Ubuntu Focal)
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.