Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSH 9.8 to address CVE-2024-39894 #1551

Open
RicMackie opened this issue Sep 30, 2024 · 1 comment
Open

OpenSSH 9.8 to address CVE-2024-39894 #1551

RicMackie opened this issue Sep 30, 2024 · 1 comment

Comments

@RicMackie
Copy link

Hello,
I'm sure these recent OpenSSH issues are as fun for you as they are for us. :-)
I'm not seeing any mention of an upcoming Flatcar release with OpenSSH 9.8, and I'm staying on top of the release channels.
Any word on when we may expect an updated OS with OpenSSH 9.8?
Thanks kindly!
@krnowak
Copy link
Member

krnowak commented Oct 2, 2024

Hi,

We didn't have that CVE in our issue list, but thanks for letting us know.

@dongsupark, should we have an issue about it? nvd.nist.gov doesn't have much information about it at the first glance.

So, 9.8 is still marked as unstable on Gentoo, so as such it was not picked up by us by now. I think that we will do it on Monday, when a new PR with a batch of weekly updates is created. Depending on the severity of the CVE, it may even get backported to other release channels.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Flatcar tactical, release planning, and roadmap
Status: 📝 Needs Triage
Milestone
No milestone
Development

No branches or pull requests
2 participants
@krnowak @RicMackie