Received: from DU2PR03CU002.outbound.protection.outlook.com (mail-northeuropeazon11022093.outbound.protection.outlook.com [52.101.66.93]) by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id BCCF12236A8 for <~alpine/users@lists.alpinelinux.org>; Tue, 23 Jul 2024 14:11:21 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=M7tlmyf/slyo87RPSqg8J7CmlBhLW0X9OHkVpNdYe74YVHeThDxkw87IF7GkmZBn2wd2yWOSD5o1UE0AuNA1/MmWhe1waS0RJ5eXE2Iaxb41VIcN+MJmYk0OpGZN8OhQ1aiue7FH2HQTB8GL5tJerIhOEg41tXhtUzNOb1HLB78ZK59lmEP5oXg3gIfSNk3UuMnJiBcDvV+3U4lNe/uUV9XWG9yUCuSEJUn1bp2Xdl+frrel+O7itxsHWCD+17QIGB29YMwkp4Jeyhr5zYccT6FHl8apUbIltudpXTGdJAzw/LxzFxy3LFXzmJsKJ0q7bKEOLjI+GpK6jsGYkXpWcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8qiu5z3oUCIQm+/1wBqVjYXWh5rvw0uaTFdN1jhXoXk=; b=XawL5e4OxhQTIZyojpp9KjAbhNrdTSAYMiNQhEGR4S8DDzCEB2QKOrLDGUUDnR6lcFzuLV/w1c15E6bP3+xQT3ajjkmgxE7+eMkE8klejYt/mBIZqZRNB5zTASsEEiIMm3YoC5BLDm8/M6EjOElV00xVnQtc4GeP61XIF+aJN5V84j0vGkz9N4Q8sS9wDWnA8Z6FojWsmfKbUzHShXvyDbwwuJojVqM28Hml78lpFiqIlpPN13MpjPHm/B63AhEVfOVCokOFaX/P6gqG0W5Uw4MNKghATZgvbl8HF24DhsdrS6OA+U+1KhiNQuKIMxkCUfjDkttwB9lnI7/ce/SsRg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=dormakaba.com; dmarc=pass action=none header.from=dormakaba.com; dkim=pass header.d=dormakaba.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dormakaba.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8qiu5z3oUCIQm+/1wBqVjYXWh5rvw0uaTFdN1jhXoXk=; b=CXoPUta3HXs6R+sJdEPohA9qP+F6MNlppUx+BsWxJWbk8NpvFxHPNnvyQ7uhHLzWvBzgt6eu35CEeHT89MKBPr29FIbcNEFt4nxHlZ5sBmoSkyZ7EvPbWkyI1+/skJGls2kYDWW0PjogI7euLcOsqmax58TAApSgZGejgxY3fe0= Received: from PA4PR03MB6975.eurprd03.prod.outlook.com (2603:10a6:102:ef::5) by PAWPR03MB10004.eurprd03.prod.outlook.com (2603:10a6:102:34f::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.18; Tue, 23 Jul 2024 14:11:19 +0000 Received: from PA4PR03MB6975.eurprd03.prod.outlook.com ([fe80::cf50:4fb9:304f:52d6]) by PA4PR03MB6975.eurprd03.prod.outlook.com ([fe80::cf50:4fb9:304f:52d6%6]) with mapi id 15.20.7784.017; Tue, 23 Jul 2024 14:11:19 +0000 From: Thomas Rolfes To: "~alpine/users@lists.alpinelinux.org" <~alpine/users@lists.alpinelinux.org> Subject: Question about regreSShion/CVE-2024-6387 Thread-Topic: Question about regreSShion/CVE-2024-6387 Thread-Index: AdrdCOsqdKz7uedRQ9CupYeQ6+9pBw== Date: Tue, 23 Jul 2024 14:11:19 +0000 Message-ID: Accept-Language: de-DE, en-US Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=dormakaba.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PA4PR03MB6975:EE_|PAWPR03MB10004:EE_ x-ms-office365-filtering-correlation-id: b48db39a-de24-4788-0327-08dcab2152de x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|38070700018; x-microsoft-antispam-message-info: =?us-ascii?Q?qdC/5oRAUGSN6A16jOTYKG4FhEwznUHL4HTtDLJ/uQFE/Jn6KS1Hu8ySslt7?= =?us-ascii?Q?dD/Um7QFUsp4MLyTXpVLmhcFjzOVAPml+QzhT/fUSgBI3UnELNnQh32GHya5?= =?us-ascii?Q?36vxi35eojf0OuyaX3mRvKHabbzO/RhyIw5ews4IaC2BuH18AL3Ck8F3hQzL?= =?us-ascii?Q?iMgOc6SvS5YebDcqdFlE+1lP/XbMji7DmCZxf8e+J3es8wlKXPqQREIVTA56?= =?us-ascii?Q?XtK3EAMmkLFagk13vJ29twX69S8M2S508otR5Tki3SoSsGxMEMEYXN4xxz1Y?= =?us-ascii?Q?PaPBmBqjtx60N3ldjKmTVcMPgb1FMaF01m9V/kn35i9YFFpuqtshkPiRBYx/?= =?us-ascii?Q?nfbOyYJ0UISEvAxWDL1LtsZGlSA+FhfKguVaL5WlIxi8zEtz+flg78V7ly1L?= =?us-ascii?Q?lU+6ttYgdNMOrU5ahF5mrxkk3cwi4OqLRg3xdqa1P0RqdKHVURXjs4dfFeBr?= =?us-ascii?Q?T+djRKQx1en4Vr9CC8pAL3ePBcVE4AVLSYxBdyLzwVh6059VbEB0DqUDPNCe?= =?us-ascii?Q?HxtzxdPD9TTuRC1lkxELMAiE2RP+f6JgKptbSIrYSKy6yewwlqqO3pVEEIC7?= =?us-ascii?Q?oNlsfAJ4dNZpjrFpT4aPRzi01N3ps7n3UcwX/+wVFd+9DXvbIv8PNvyU9qb3?= =?us-ascii?Q?VyqTbCHrzhwzYNUz9FuZzmH3XeY4jwBM3TTgKFlGtXO8sl3tQVOZKLQGdYsn?= =?us-ascii?Q?Xv+WmDCY/uYc1ztmZenzpDNX6XlXl0DueHtVpi+X8XWRDaT+ObjH0RsNlQbY?= =?us-ascii?Q?iob7qqmtWy3uSBVAM1oi9BSEKhrXtwhxK0EnXxhXWPE8OehhTDrkNkoV6YZb?= =?us-ascii?Q?mdgolv4vhkqoT3YiCrpmMu+lm6lsFXT2m/KFDuDZmvgmWWbCoKZyEYNL5BGm?= =?us-ascii?Q?epp4Yu+iDDCw2U9V2Y7tmtRoZfTo+XyXRd4HvXWXE4hIvrTU0IYtZWM5HlwU?= =?us-ascii?Q?RiX0edj3/rJ53fZ23xlf6p0IXXxM8I8AaNR2ZD8aiS8UJbiPgfiToj5SWAhM?= =?us-ascii?Q?KzjZ8ODUQtSimBWEh1K5m2WOn5VMhdOOXHX90CIUo4rfSEy8qsqTI2X+EBv+?= =?us-ascii?Q?99VUkLTuiZcwFQZPZnz5BjH+hGOlzkD1xFcVNN4eGPrhWBb7wEJL4eVuTW0l?= =?us-ascii?Q?WlwOqLg8jdHnT2sYqTEPJLdG6ckfa+OsXcwo/aLgRAPfOKlQ0i6tbRJSxPqf?= =?us-ascii?Q?aGJXMF0kZg/z+w6lBbjzIdkyg+Atyi1ZwWUuuoznNizAYM5G4cEIappJnJI6?= =?us-ascii?Q?IBwyisdzeO6VPPbu25e7YSQvTbXCS0QyuRO9FL1iPCTOH3g2vZAcVdCWbA3j?= =?us-ascii?Q?dvMVGmYAi0Efln3NgS6i/LLjuoYppMFKtByiV5e3Yl1DjA=3D=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PA4PR03MB6975.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700018);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?vp/XLUZONJI1pLCU9EzhpVlIwLRNqYcI5ZGTLLi9krB7kWQlyNSpq7mkrSXQ?= =?us-ascii?Q?dNmfnWG1Sh4XHXesg+PiFdyMughVPJx9zZHu6BjPTwyr0hrBJVdSaTmR8OV/?= =?us-ascii?Q?tpBv6XHxGZtQ31QtpuSY1iiT0FEGZ0vmXHAzz05vHaN2gI/ZAyonS/EX9CyT?= =?us-ascii?Q?GC/xdrMqktEHav6PfFXuxyACKID7rGoGOvJthWE3l+pxjCpT+jBhCOiclt5Q?= =?us-ascii?Q?MALrRPJl4NwTl9xOIDog17/zyO1FShdDTabgH55PUSxeRCjdeLsF3421/6e7?= =?us-ascii?Q?KxyLlvv1Fa5HZYNc9vYM8EM//L+Yftp1O5SdrI4DqMGLD5glgER2ZF/D0G0Q?= =?us-ascii?Q?ZRg8Smtu8GLeV4dEfqwI9hxRnj0mjzULKsqdwfQnDayYGIMBBVnon/3IqqMZ?= =?us-ascii?Q?RxaMRU5yplmKHndmx4wlQhFe6X7vszWmzw+535vFZLhLzBAls2E2mo6giGS7?= =?us-ascii?Q?AhFqIe+vnYF3MbMv/cqkCIorqYjpFmwN/7l/OuWFtwt5/9PBQLPjxAFAXoAo?= =?us-ascii?Q?eQKp+HwrN5r2OuhFFO17FYcc1uebJ4m1+7lG5N8xMLbrDs6M07XqGh/fuS4i?= =?us-ascii?Q?kcDWB/dWund0wmiH7Gi3kYebSYWiUWVqBeNkeqlY+viBwLSBOxcx5vjq7dzR?= =?us-ascii?Q?bDPqadW6WKRrdLX3flcWQ1Y635QngmUsFmcKeVdNbFf414EIB2Itg9OBkoR9?= =?us-ascii?Q?GNda2KUCTNetE1UZjchYXm6dJ7uXfrVbdxg7GdjEWSs3Z/S3hw0K+FWWljPa?= =?us-ascii?Q?Mbc+Um7Kxh41/yiCulYLxdiucbf4yMz6OYrCkWFqVfjlcAcoS+Bw1+JpBXQE?= =?us-ascii?Q?ar5GcrDK1/RolwFvsTLTOJkMudWhy8k/yKG5cMuC+CN94J1xTn25VPxd6sP3?= =?us-ascii?Q?C1sd/EQ5h+XJOZ/G3o39LyUb1YcG2kEwSyG2qMdc5oMtL8P/NA5eUPaqXFdO?= =?us-ascii?Q?dsaxlavqIboYJxuHOI5RUu28FW2rTnvziZwvkjQFMz/u/Rb9KvGimb7+NG9X?= =?us-ascii?Q?luecUUvoU5E9HlxajaC8jO/ff8iam91nl9VOoYkOspofwzbILWsL5JbiBkTV?= =?us-ascii?Q?efx8sTU+2o3KFcJCGekzbgPDOjDHqOzR4OzDJSrf3Ahp598Op1Q+onwCqa5m?= =?us-ascii?Q?F+bIcmYb8fAXltrOIaS3TdeqHi8QuMT7xYH55lCCS+XDigCOIEo30RHg2HOM?= =?us-ascii?Q?Ec1InxsAdojIIK+O/GCpEegR1pdnxF1rS+YsYqNrPmj7E+uIP43U2ODD5uSU?= =?us-ascii?Q?p/Wr6jve4whaMlorsbPkZs6A2iwRsIOkyqbzoGnDtMI9vOrBhGVQVlipoQ4x?= =?us-ascii?Q?zIBSpnTSTbBpLT2DuFMuz3M9rMdHg6XuqZToclD5H2m5eILyfbjOxaqC392D?= =?us-ascii?Q?1zUC0WrcjUgAF5chbhQuwL+oVXujMy97SINVpci09lKf2jzRC4/FtfIOLNsQ?= =?us-ascii?Q?nMyiOzTWfWBGomGh6++sa5qI0ye0DhPDuuiXSObmNjW/HPbBFmmRFDWyKORc?= =?us-ascii?Q?vLdt7s99eWcClh3pTaaiH70WLCAFoNyZbgiBpGErdVsfmcmMiNezNuJHZVDj?= =?us-ascii?Q?Rl4KbSwVnjPlRCKbom2yExRx/QDcvEqiWxhwKOm7Rjfyo9UwgG3PdNOs5M0g?= =?us-ascii?Q?2Q=3D=3D?= Content-Type: multipart/alternative; boundary="_000_PA4PR03MB69759F2147175EAC161B3B0BEAA92PA4PR03MB6975eurp_" MIME-Version: 1.0 X-OriginatorOrg: dormakaba.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PA4PR03MB6975.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b48db39a-de24-4788-0327-08dcab2152de X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jul 2024 14:11:19.1918 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b0f69499-bd40-437d-bef2-d41cf6f6a50e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: RgKEEckgY8wkCcSQA+RqCfaERpL4n0Y0HS4qoxTDapOMYjsRgqsqNEzsdGi637WKTR/GNLWHrRTE42kEhD3qW/IMUnP9lp8VXqvlyF4r2ho= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR03MB10004 --_000_PA4PR03MB69759F2147175EAC161B3B0BEAA92PA4PR03MB6975eurp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, in this issue it is stated that CVE-2024-6387 has already been addressed. https://gitlab.alpinelinux.org/alpine/aports/-/issues/16298 However, in the current alpine version 3.20.2 the OpenSSH Version is still = 9.7 (see below). Will the fix only be available in the "edge" version or is it planned for o= ne of the next patches? ------------------------------- # cat /etc/os-release NAME=3D"Alpine Linux" ID=3Dalpine VERSION_ID=3D3.20.2 ... # sshd -V OpenSSH_9.7p1, OpenSSL 3.3.1 4 Jun 2024 ------------------------------- Thanks a lot and best regards, Thomas Rolfes --_000_PA4PR03MB69759F2147175EAC161B3B0BEAA92PA4PR03MB6975eurp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hello,

 

in this issue it is stated that= CVE-2024-6387 has already been addressed.

https://gitlab.alpinelinux.org/alp= ine/aports/-/issues/16298

 

However, in the current alpine = version 3.20.2 the OpenSSH Version is still 9.7 (see below).

Will the fix only be available = in the “edge” version or is it planned for one of the next patc= hes?

-------------------------------=

# cat /etc/os-release

NAME=3D"Alpine Linux"=             &nb= sp;            =             &nb= sp;            

ID=3Dalpine   &n= bsp;            = ;            &n= bsp;            = ;            &n= bsp;      

VERSION_ID=3D3.20.2<= /span>

 

# sshd -V

OpenSSH_9.7p1, OpenSSL 3.3.1 4 = Jun 2024

-------------------------------=

 

Thanks a lot and best regards,

Thomas Rolfes

--_000_PA4PR03MB69759F2147175EAC161B3B0BEAA92PA4PR03MB6975eurp_--