{"id":"OESA-2024-1870","summary":"openssh security update","details":"OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \\ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \\ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \\ capabilities, several authentication methods, and sophisticated configuration options.\r\n\r\nSecurity Fix(es):\r\n\r\nA race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.(CVE-2024-6409)","modified":"2025-09-03T06:20:43.619704Z","published":"2024-07-19T11:08:34Z","upstream":["CVE-2024-6409"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1870"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6409"}],"affected":[{"package":{"name":"openssh","ecosystem":"openEuler:22.03-LTS-SP1","purl":"pkg:rpm/openEuler/openssh&distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.8p1-32.oe2203sp1"}]}],"ecosystem_specific":{"src":["openssh-8.8p1-32.oe2203sp1.src.rpm"],"aarch64":["openssh-8.8p1-32.oe2203sp1.aarch64.rpm","openssh-askpass-8.8p1-32.oe2203sp1.aarch64.rpm","openssh-clients-8.8p1-32.oe2203sp1.aarch64.rpm","openssh-debuginfo-8.8p1-32.oe2203sp1.aarch64.rpm","openssh-debugsource-8.8p1-32.oe2203sp1.aarch64.rpm","openssh-keycat-8.8p1-32.oe2203sp1.aarch64.rpm","openssh-server-8.8p1-32.oe2203sp1.aarch64.rpm","pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.aarch64.rpm"],"noarch":["openssh-help-8.8p1-32.oe2203sp1.noarch.rpm"],"x86_64":["openssh-8.8p1-32.oe2203sp1.x86_64.rpm","openssh-askpass-8.8p1-32.oe2203sp1.x86_64.rpm","openssh-clients-8.8p1-32.oe2203sp1.x86_64.rpm","openssh-debuginfo-8.8p1-32.oe2203sp1.x86_64.rpm","openssh-debugsource-8.8p1-32.oe2203sp1.x86_64.rpm","openssh-keycat-8.8p1-32.oe2203sp1.x86_64.rpm","openssh-server-8.8p1-32.oe2203sp1.x86_64.rpm","pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2024-1870.json"}}],"schema_version":"1.7.3"}