Comments (6)
Hi @brookerrj,
Thanks for using Bitnami. According to the official Debian website, Debian Buster stopped receiving security updates as of June 30th, 2022. I'm afraid I don't know if Debian Buster is affected by CVE-2024-6387 because it is not listed in the CVE description webpage either. You will need to ask in a more specialized forum for further help on this.
from vms.
Describe your issue as much as you can
I'm assuming that the OpenSSH server vulnerability (CVE-2024-6387) is present in Debian GNU/Linux 10 (buster)? How can I get fixes for this version? Will there Official Site be a fix available in the unattended-upgrades for this version?
Versions on my server:
bitnami@wordpress-1-vm:~$ sudo dpkg -l | grep ssh
ii libssh2-1:amd64 1.8.0-2.1+deb10u1 amd64 SSH2 client-side library
ii openssh-client 1:7.9p1-10+deb10u4 amd64 secure shell (SSH) client, for secure access to remote machines
ii openssh-server 1:7.9p1-10+deb10u4 amd64 secure shell (SSH) server, for secure access from remote machines
ii openssh-sftp-server 1:7.9p1-10+deb10u4 amd64 secure shell (SSH) sftp server module, for SFTP access from remote machines
ii ssh 1:7.9p1-10+deb10u4 all secure shell client and server (metapackage)
bitnami@wordpress-1-vm:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
Hello,
The OpenSSH server vulnerability (CVE-2024-6387) is a critical issue that affects OpenSSH’s server (sshd) due to a race condition, allowing remote attackers to execute arbitrary code without authentication12.
For Debian GNU/Linux 10 (buster), here are the steps to address this vulnerability:
Check for Updates:
Regularly check the Debian security tracker for updates related to CVE-2024-63871.
Use the following command to update your package list and upgrade your packages
sudo apt update && sudo apt upgrade
Unattended Upgrades:
Ensure that unattended-upgrades is configured to automatically apply security updates. You can install and configure it using:
sudo apt install unattended-upgrades sudo dpkg-reconfigure --priority=low unattended
Best Regards,
florence023
from vms.
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
from vms.
@florence0239 Thank you for your feedback. I shall try to implement your solution in the next few days. I just need to make sure all is properly backed up first.
from vms.
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
from vms.
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
from vms.
Related Issues (20)
- [AWS Bitnami] <Not Running after self signed SSL generated HOT 2
- [Redmine] How to get 3.4.6 version Redmine by Bitnami for Linux HOT 3
- [<LAMP>] SSL for multiple domains HOT 5
- Bitnami Redmine: Is it possible to Upgrade to Apache version 2.4.59 or later? HOT 5
- [MariaDB/WordPress connection issue probabbly] Wordpress can not connect to DB HOT 2
- [Bitnami] <Frappe CRM> HOT 2
- [<opencart>] <admin site not available> HOT 2
- Update and reissue eZ Publish Bitnami Installers HOT 2
- [<application>] <title>LMS mariadb upgrade issue HOT 6
- [<application>] <title>mysql not running on GCP bitnami multisites HOT 3
- [WordPress] Bitnami Wordpress Getting 521 errors HOT 5
- Bitnami Wordpress mysqld CPU constantly spiked HOT 1
- [Bitnami Wordpress GCP] Where to upload files for domain verification when using SSH? HOT 4
- [Bitnami WordPress GCP] What's the difference between /bitnami/wordpress and /opt/bitnami/wordpress? HOT 2
- [Wordpress] Bitnami Wordpress is Not responsive HOT 3
- LAMP - MariaDB is maxing out the CPU on my EC2 instance HOT 5
- [WordPress] Open Wordpress Page (Bitnami VM) when on a different network HOT 3
- [<LAMP>] High server usage HOT 4
- [WordPress] Failed to start LSB: bitnami init script, Apache configuration Error after SSL Certificate Update attempt. HOT 5
- [Ghost] Incorrect password error HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vms.