Patch out for Debian 12; Debian 11 not affected. https://security-tracker.debian...

wiredfool · on July 1, 2024

Looks like Focal (20.04) isn't on an affected version. Jammy (22.04) looks like it is.

feurio · on July 1, 2024

My procrastination pays off ...

medguru · on July 3, 2024

As do theirs ;)

metadat · on July 1, 2024

What about, uh, 18.04?

Edit: 18.04 Bionic is unaffected, the ssh version is 7.6 which is too old.

creshal · on July 1, 2024

If you have extended support: Just update (if it's not so old that it's not even affected in the first place)

If you don't have extended support: You're vulnerable to worse, easier to exploit bugs :)

l33tman · on July 2, 2024

I have a single 18.04 machine that is stuck on that, because it has 18.04 386, and as 20.04 doesn't support 386 anymore, apparently there is not a simple upgrade path to 20.04 64-bit (without doing extensive surgery). Very annoying...

metadat · on July 2, 2024

I can confirm this 18.04 machine still gets some important updates like kernel upgrades and patched versions of Apache.

urza · on July 1, 2024

On 22.04 apt update && upgrade doesn't help.. yet?

theandrewbailey · on July 1, 2024

Just ran an apt update and upgrade on my Debian 12 server. OpenSSH packages were the only ones upgraded.

hgs3 · on July 1, 2024

Yes, the Debian 12 fix is out. You can verify you're patched by running 'ssh -V' and verifying you see 'deb12u3'. If you see 'deb12u2' then you're vulnerable [1].

[1] https://security-tracker.debian.org/tracker/CVE-2024-6387

nubinetwork · on July 1, 2024

Can confirm, Pi OS bullseye also has the updated openssh.