Serious vulnerability in SSH, please update promptly!

On July 1, 2024, a security vulnerability in current versions of the SSH daemon was published. The impact is serious: it allows an attacker to gain root rights on vulnerable computers via the network without authentication. For this reason, it is imperative that the SSH daemon is updated very promptly.

How do I find out if I need to do something?
If you are running a Linux computer, whether on the Internet or in a departmental network, as a laptop and/or a server, it is highly likely that an SSH service is also active. Wherever an SSH service is installed, it is highly likely that an update needs to be installed.

Who needs to act:
The IT admins of the organizational unit operating the systems. Organizational units managed by the RHRZ do not have to act.

What to do:
Forward this information to the IT admins in your area and pass on the following information and recommended action. If an affected distribution is used, please install the updated SSH packages immediately. Quote: "Admins should check whether their Linux systems have the latest SSH versions. Both Debian and Ubuntu have new packages in stock, Red Hat is still researching, but initial analysis suggests that only Red Hat Enterprise Linux 9 is affected, as all other versions of Red Hat Linux come with older OpenSSH versions."
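
One way to carry out this check on Debian, Ubuntu and Red Hat Enterprise Linux, as an added example that is not part of the original notice: the script reports whether the package manager has a newer OpenSSH package waiting to be installed. The function names are hypothetical, and the package index is assumed to have been refreshed beforehand.

```shell
#!/bin/sh
# Added example (not from the notice): is an OpenSSH package update pending?
# Function names are hypothetical. Refresh the package index first
# (apt update / dnf makecache) so the answer reflects current packages.

# Reads `apt list --upgradable` output on stdin (Debian, Ubuntu).
# Prints "package installed -> candidate" for each OpenSSH package.
pending_openssh_apt() {
    awk -F'[/ ]' '/^openssh-(server|client|sftp-server)\// {
        old = $NF; sub(/\]$/, "", old)
        print $1, old, "->", $3
    }'
}

# Reads `dnf check-update` output on stdin (Red Hat Enterprise Linux).
# Prints "package.arch -> candidate" for each OpenSSH package.
pending_openssh_dnf() {
    awk 'NF == 3 && $1 ~ /^openssh(-server|-clients)?\./ { print $1, "->", $2 }'
}

# Exit status: 0 = nothing pending, 1 = update pending, 2 = could not tell.
check_host() {
    if command -v sshd >/dev/null 2>&1 || [ -x /usr/sbin/sshd ]; then
        echo "SSH server binary found"
    else
        echo "no SSH server binary found"
    fi
    if command -v apt >/dev/null 2>&1; then
        updates=$(apt list --upgradable 2>/dev/null | pending_openssh_apt)
    elif command -v dnf >/dev/null 2>&1; then
        updates=$(dnf -q check-update 'openssh*' 2>/dev/null | pending_openssh_dnf)
    else
        echo "no apt or dnf found; check with your distribution's tools"
        return 2
    fi
    if [ -n "$updates" ]; then
        echo "OpenSSH update pending:"; echo "$updates"
        return 1
    fi
    echo "no OpenSSH update pending"
}

# Run the check only when called with --check, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then check_host; fi
```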

Further information can be found at:
https://www.openssh.com/releasenotes.html
https://www.openwall.com/lists/oss-security/2024/07/01/3
https://www.heise.de/news/RegreSSHion-Sicherheitsluecke-in-OpenSSH-gibt-geduldigen-Angreifern-Root-Rechte-9784976.html