安全公告详情

NS-SA-2026-0002

2026-02-20 21:35:16

简介

important: openssh security update

严重级别

important

主题

An update for openssh is now available for NewStart CGSL MAIN 6.06.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

openssh:


Security Fix(es):
openssh: A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().(CVE-2024-6387)
openssh: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.06.04P4B22.

影响组件

  • openssh

影响产品

  • CGSL MAIN 6.06 (SP)

更新包

{"fix":[{"product":"CGSL MAIN 6.06 (SP)","pkgs":[{"binary":["openssh-8.5p1-3.zncgsl6.t5.7.x86_64.rpm","openssh-clients-8.5p1-3.zncgsl6.t5.7.x86_64.rpm","openssh-server-8.5p1-3.zncgsl6.t5.7.x86_64.rpm"],"source":"openssh-8.5p1-3.zncgsl6.t5.7.src.rpm"}]}]}

CVE

参考