Merge lp:~lsandecki/ubuntu-motd/CVE-2024-6387 into lp:ubuntu-motd

Proposed by Lech Sandecki
Status: Merged
Merged at revision: 99
Proposed branch: lp:~lsandecki/ubuntu-motd/CVE-2024-6387
Merge into: lp:ubuntu-motd
Diff against target: 19 lines (+4/-4)
1 file modified
aptnews.json (+4/-4)
To merge this branch: bzr merge lp:~lsandecki/ubuntu-motd/CVE-2024-6387
Reviewer: Christian Ehrhardt
Review status: Approve
Review via email: mp+468497@code.launchpad.net
Christian Ehrhardt  (paelzer) wrote (last edit ):

This is twice 22: "22.04 LTS, 23.10 and 22.04 LTS."

Christian Ehrhardt  (paelzer) wrote :

The former v99 was never merged, merging it now is a no-op, but I wanted to let you know.

Christian Ehrhardt  (paelzer) wrote :

You seem to be busy, I'll fix the second to be 24.04 LTS

Christian Ehrhardt  (paelzer) wrote :

Checked the links, the URL and the wording - all LGTM.

Christian Ehrhardt  (paelzer) wrote (last edit ):

22/24 checked via MM, fixed now

Question on the wording:
 "RegreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems."

That is the title from Qualys: https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

But since all of Ubuntu is glibc-based, this feels odd in the description.
The MITRE description is much more helpful:

"Openssh: Possible Remote Code Execution Due To A Race Condition In Signal Handling"

If you want to keep the buzzword it could be:
"RegreSSHion: Possible RCE Due To A Race Condition In Signal Handling.",

Starting a discussion on MM about this ...

Christian Ehrhardt  (paelzer) wrote :

Out of the MM sync:

[15:44] <0xdsousa> [00e] "RegreSSHion: Possible RCE Due To A Race Condition In Signal Handling." :thumbsup_light_skin_tone:
[15:44] <lsandecki> [011] yes, thank you

Checker scripts are happy with that as well, merging

review: Approve

Preview Diff

1=== modified file 'aptnews.json'
2--- aptnews.json 2023-10-06 12:27:30 +0000
3+++ aptnews.json 2024-07-01 13:05:25 +0000
4@@ -1,11 +1,11 @@
5 {
6 "messages": [
7 {
8- "begin": "2023-10-06T00:00:00Z",
9+ "begin": "2024-07-02T00:00:00Z",
10 "lines": [
11- "Canonical released microcode updates for both Intel (CVE-2022-40982) and AMD",
12- "(CVE-2023-20593). ‘Unattended upgrades’ provide security updates by default.",
13- "Ensure it remains enabled to always get all updates as they become available."
14+ "OpenSSH CVE-2024-6387 has been fixed for 22.04 LTS, 23.10 and 22.04 LTS.",
15+ "RegreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems.",
16+ "For more details see: https://ubuntu.com/security/notices/USN-6859-1."
17 ]
18 }
19 ]
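Review bot: The first added string in "lines" names 22.04 LTS twice ("22.04 LTS, 23.10 and 22.04 LTS"), so one of the fixed releases is never mentioned and users on it get no confirmation from the MOTD that an update is available. Per the review comments above, the second occurrence should read 24.04 LTS. The second added string could also drop "on glibc-based Linux systems", which tells an Ubuntu reader nothing new, in favour of naming the cause, as in the wording agreed in the thread: "RegreSSHion: Possible RCE Due To A Race Condition In Signal Handling."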
