RegreSSHion (CVE-2024-6387)

Have questions on patching this nasty vulnerability.

The advice is to upgrade OpenSSH to version 9.8p1

Does reprovisioning upgrade to the latest version? The one on Ubuntu 22.04 on one of the AWS EC2 instances is running OpenSSH_8.9p1

Any suggestions?

Just a note for everyone who sees this.

You can either re-provision to get the latest OpenSSH update or run:

sudo apt update && sudo apt install openssh-server

It is not advisable to run the mitigation solution:

echo "LoginGraceTime 0" | sudo tee /etc/ssh/sshd_config.d/cve-2024-6387.conf
sudo systemctl reload ssh.service

unless you have any other choice.

If you are running the Pro version of Ubuntu, such as on EC2 instances on AWS, you can check whether the patch has been applied by running

sudo pro fix CVE-2024-6387

It should tell you whether the vulnerability is patched.