Patch Wednesday Day (22/100) - CVE-2024-6387

Ashwani Paliwal
July 3, 2024


In today's edition, we'll focus on patching the vulnerability CVE-2024-6387 affecting openssh package on ubuntu.

To check if this patch is relevant to you:

  • Check Ubuntu Version
    • Open a terminal on your Ubuntu system and run the following command “lsb_release -a
    • This command will display detailed information about your Ubuntu system, including the version number. Ensure that the output shows "22.04" as the version.
  • Verify openssh Version
    • Open a terminal on your Ubuntu system and run the following command “dpkg -l | grep openssh
    • This command will show the current version of openssh package installed on your Ubuntu system. Verify that the version is less than n "1:8.9p1-3ubuntu0.10".

For further information and support related to this patch, please refer to the support page.

Patch Details

CVE Details

Patch Deployment with SecOps Patch Management

Manual Patch deployment

1. Download from Ubuntu Repository

  • Open a terminal and update your package repository by running the following command: “sudo apt update
  • Upgrade apt to the latest version using the following command: “sudo apt upgrade openssh-client
    sudo apt upgrade openssh-server

2. Using Manual Download

  • Visit the Ubuntu archive repository to download openssh-server / 1:8.9p1-3ubuntu0.10 for Ubuntu 22.04.
  • Install the downloaded package using the following command: “sudo dpkg -i openssh-server_8.9p1-3ubuntu0.10_amd64.deb”
  • If there are any dependency issues, resolve them using the following command: “sudo apt --fix-broken install”
  • Validate Patch Deployment: using the following command : “dpkg -l | grep openssh”

3. Verify that openssh-server is now at version 1:8.9p1-3ubuntu0.10.

By following these steps, you can ensure that the openssh vulnerability “CVE-2024-6387” is mitigated on your system.

Note: The vulnerability "CVE-2024-6387" impacts the openssh-server, openssh-client and openssh-sftp-server packages. The affected versions may vary depending on the update repositories and the operating system version.

Important Note:

  1. There are several key things to remember while deploying a patch. It is crucial to download the correct patch file that has been released for your system’s architecture, Operating System, and Build Version
  2. It is crucial that you follow the right process or supply the correct commands while installing the patch
  3. Understand if the patch requires a reboot of the system or not. If yes make sure to perform a reboot securely to avoid system corruption

SecOps Solution is an award-winning agent-less Full-stack Vulnerability and Patch Management Platform that helps organizations identify, prioritize, and remediate security vulnerabilities and misconfigurations in seconds.

To schedule a demo, just pick a slot that is most convenient for you.

Related Blogs