https://ubuntu.com/security/CVE-2024-6387
I have questions on patching this nasty vulnerability.
The advice is to upgrade OpenSSH to version 9.8p1.
Does reprovisioning upgrade to the latest version? The one on Ubuntu 22.04 on one of the AWS EC2 instances is running OpenSSH_8.9p1.
Any suggestions?
Just a note for everyone who sees this.
You can either re-provision to get the latest OpenSSH update or run:
sudo apt update && sudo apt install openssh-server
It is not advisable to run the mitigation solution:
echo "LoginGraceTime 0" | sudo tee /etc/ssh/sshd_config.d/cve-2024-6387.conf
sudo systemctl reload ssh.service
unless you have no other choice.
If you are running the Pro version of Ubuntu, such as the EC2 instances on AWS, you can check whether the patch has been applied by running
sudo pro fix CVE-2024-6387
It should tell you whether the vulnerability is patched.
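An added example, not from the original thread or from Ubuntu: a POSIX shell script that classifies a host as patched, mitigated or vulnerable to CVE-2024-6387 from two artifacts the answer above relies on, the OpenSSH banner (what "ssh -V" prints locally, or the "SSH-2.0-..." line a remote scan of port 22 sees) and the effective sshd configuration from "sshd -T", which is where a "LoginGraceTime 0" drop-in shows up. This lets the check run across a fleet of 22.04 instances without Ubuntu Pro. Assumptions: the fixed Ubuntu package revisions in FIXED_REVISIONS are quoted from memory of the USN linked from the CVE page and must be verified there before the script is trusted; vercmp is a simplified numeric-field comparison, not dpkg's full version ordering; the sample banners and sshd -T output are constructed, not captured from a real host.

```shell
#!/bin/sh
# Classify a host's exposure to CVE-2024-6387 from its OpenSSH banner and
# its effective sshd configuration. Example code, not from the thread above.

# Upstream version -> first fixed Ubuntu package revision (from USN-6859-1 as
# recalled; ASSUMPTION, verify against https://ubuntu.com/security/CVE-2024-6387).
FIXED_REVISIONS='8.9p1 3ubuntu0.10
9.3p1 1ubuntu3.6
9.6p1 3ubuntu13.3'

# vercmp A B: print -1, 0 or 1 comparing the numeric fields of two version
# strings (8.9p1 -> 8 9 1, 3ubuntu0.10 -> 3 0 10). Simplification of dpkg's
# ordering that is adequate for OpenSSH upstream versions and Ubuntu revisions.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        gsub(/[^0-9]+/, " ", a); gsub(/[^0-9]+/, " ", b)
        na = split(a, x, " "); nb = split(b, y, " ")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) { print "-1"; exit }
            if (p > q) { print "1"; exit }
        }
        print "0"
    }'
}

# assess BANNER SSHD_T_OUTPUT: print patched, mitigated, vulnerable or unknown.
assess() {
    banner="$1"; cfg="$2"
    # Upstream version, e.g. 8.9p1 from "OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, ..."
    upstream=$(printf '%s\n' "$banner" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*p*[0-9]*\).*/\1/p')
    [ -n "$upstream" ] || { echo unknown; return 0; }
    # Upstream fixed the regression in 9.8p1, the version the question mentions.
    if [ "$(vercmp "$upstream" 9.8p1)" -ge 0 ]; then
        echo patched; return 0
    fi
    # Ubuntu backports the fix, so the package revision decides for older
    # upstream versions. The banner carries it as "Ubuntu-<revision>".
    rev=$(printf '%s\n' "$banner" | sed -n 's/.*OpenSSH_[^ ]* Ubuntu-\([^, ]*\).*/\1/p')
    fixed=$(printf '%s\n' "$FIXED_REVISIONS" | awk -v u="$upstream" '$1 == u { print $2 }')
    if [ -n "$rev" ] && [ -n "$fixed" ] && [ "$(vercmp "$rev" "$fixed")" -ge 0 ]; then
        echo patched; return 0
    fi
    # sshd -T prints keywords lowercased; "logingracetime 0" is the mitigation
    # from the answer above (it closes the race but lets unauthenticated
    # connections hold slots indefinitely, which is why it is a last resort).
    if printf '%s\n' "$cfg" | grep -q '^logingracetime 0$'; then
        echo mitigated; return 0
    fi
    echo vulnerable
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_UNPATCHED='OpenSSH_8.9p1 Ubuntu-3ubuntu0.7, OpenSSL 3.0.2 15 Mar 2022'
SAMPLE_PATCHED='SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10'
SAMPLE_SSHD_T_DEFAULT='port 22
logingracetime 120
maxstartups 10:30:100'
SAMPLE_SSHD_T_MITIGATED='port 22
logingracetime 0
maxstartups 10:30:100'

for b in "$SAMPLE_UNPATCHED" "$SAMPLE_PATCHED"; do
    printf '%-60s -> %s\n' "$b" "$(assess "$b" "$SAMPLE_SSHD_T_DEFAULT")"
done
printf '%-60s -> %s\n' "$SAMPLE_UNPATCHED + LoginGraceTime 0" \
    "$(assess "$SAMPLE_UNPATCHED" "$SAMPLE_SSHD_T_MITIGATED")"

# Live check when run on a host: ssh -V writes to stderr; sshd -T needs root
# to read host keys, so it is allowed to fail and the config is then empty.
if command -v ssh >/dev/null 2>&1; then
    live_banner=$(ssh -V 2>&1)
    live_cfg=$(sshd -T 2>/dev/null || true)
    printf '%-60s -> %s\n' "this host: $live_banner" "$(assess "$live_banner" "$live_cfg")"
fi
```

To scan a fleet, feed assess the first line returned by each server on port 22 (for example from "nc -w 3 host 22 </dev/null | head -n 1") with an empty second argument; without sshd -T the script cannot see the mitigation and will report such hosts as vulnerable, which is the conservative answer.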