Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
OpenSSH CVE-2024-6387
« previous
next »
Print
Pages:
1
[
2
]
Author
Topic: OpenSSH CVE-2024-6387 (Read 5303 times)
Patrick M. Hausen
Hero Member
Posts: 6797
Karma: 571
Re: OpenSSH CVE-2024-6387
«
Reply #15 on:
July 10, 2024, 06:13:31 am »
FreeBSD published updated versions for all supported releases and also for release 13.2 which is already EOL, but they fixed it, anyway.
Supported releases at the moment are: 13.3, 14.0, 14.1.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: OpenSSH CVE-2024-6387
«
Reply #16 on:
July 10, 2024, 08:13:59 am »
One thing to note here for clarity is that we do not have OpenSSH in the base system so the advisories do not even apply from that FreeBSD version EoL or not point of view:
https://github.com/opnsense/tools/commit/477358606e
The update will be done via openssh-portable package through the FreeBSD ports tree. Expect the update tomorrow.
Cheers,
Franco
Logged
Hydraulix989
Newbie
Posts: 2
Karma: 0
Re: OpenSSH CVE-2024-6387
«
Reply #17 on:
August 03, 2024, 08:38:02 pm »
Any updates yet? Did this update make it into OpnSense? pfSense handled it right away...
Logged
doktornotor
Hero Member
Posts: 709
Karma: 70
Re: OpenSSH CVE-2024-6387
«
Reply #18 on:
August 03, 2024, 09:29:25 pm »
Quote from: Hydraulix989 on August 03, 2024, 08:38:02 pm
Any updates yet? Did this update make it into OpnSense? pfSense handled it right away...
Yeah, pfSense handled exactly nothing in the non-paid version except for the upstream documented workaround. Next release will come in a couple of years, maybe.
It's been fixed almost a month ago, not sure what update are you expecting.
https://forum.opnsense.org/index.php?topic=41505.0
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: OpenSSH CVE-2024-6387
«
Reply #19 on:
August 05, 2024, 10:37:03 am »
Just to follow up on the previous: Yes, the correct way is to update to OpenSSH 9.8p1, which we did in 24.1.10 on July 11. It's a bit of a shame that allegedly serious issues are patched in a major release, but it is what it is.
Cheers,
Franco
Logged
Print
Pages:
1
[
2
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
OpenSSH CVE-2024-6387