---
title: "AlmaLinux OS 9 - CVE-2024-6387: regreSSHion"
type: blog
author:
  name: "Jonathan Wright"
  bio: "AlmaLinux Infrastructure Lead"
  image: /users/jonathan.jpg
date: '2024-07-01'
post:
  title: "AlmaLinux OS 9 - CVE-2024-6387: regreSSHion"
  image: /blog-images/2024/2024-07-01-almalinux9-CVE-2024-6387.png
---
If you are running an AlmaLinux OS 9 machine, you need to know about a [vulnerability in OpenSSH's server (sshd)](https://openwall.com/lists/oss-security/2024/07/01/3) in glibc-based Linux systems that was published earlier today, July 1, 2024. It has been assigned the identifier CVE-2024-6387 and named *regreSSHion*. This vulnerability is exploitable remotely and grants unauthenticated root access.

Security is our top priority at AlmaLinux and we aim to deliver patches to our users as quickly as possible. The openssh patch for CVE-2024-6387 has been released and is available for AlmaLinux OS 9 users. The decision to build the update and push the package to production on our own (without a CentOS Stream/RHEL update) was made by our newly-formed technical steering committee, [ALESCo](https://almalinux.org/blog/2024-05-21-introducing-alesco/).

We are committed to working upstream and have [submitted this patch to CentOS Stream 9](https://gitlab.com/redhat/centos-stream/rpms/openssh/-/merge_requests/77) to benefit the whole ecosystem.

Update the openssh package to protect your system against this issue:
```bash
sudo dnf --refresh upgrade openssh
```
Confirm the updated version has been installed. Our initial patch was included in **openssh-8.7p1-38.el9.alma.2**. After RHEL updated to include the upstream patch, we updated again to ensure we were 100% in line with RHEL. The package you're looking for is listed on the [CVE-2024-6387 errata page](https://errata.almalinux.org/9/ALSA-2024-4312.html).
```bash
rpm -q openssh
```
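
To script that confirmation across several AlmaLinux OS 9 hosts, the sketch below compares a `VERSION-RELEASE` string against the initial patched build named above, following rpm's segment-by-segment ordering. It is an added example, not AlmaLinux tooling: the function names and sample strings are constructed for illustration, and `~`/`^` version markers are assumed absent.

```sh
#!/bin/sh
LC_ALL=C; export LC_ALL
FIXED="8.7p1-38.el9.alma.2"   # initial patched build named in the post

# Split a version or release into digit runs and letter runs; separators drop out.
# Assumption: no '~' or '^' markers, which rpm orders specially.
segments() {
    printf '%s\n' "$1" | sed -e 's/[^A-Za-z0-9]\{1,\}/ /g' \
        -e 's/\([0-9]\)\([A-Za-z]\)/\1 \2/g' \
        -e 's/\([A-Za-z]\)\([0-9]\)/\1 \2/g' -e 's/^ *//' -e 's/ *$//'
}

# Print -1, 0 or 1 when $1 is older than, equal to or newer than $2.
vercmp() {
    a=$(segments "$1"); b=$(segments "$2")
    while [ -n "$a" ] && [ -n "$b" ]; do
        x=${a%% *}; y=${b%% *}
        case $a in *' '*) a=${a#* } ;; *) a= ;; esac
        case $b in *' '*) b=${b#* } ;; *) b= ;; esac
        case $x in [0-9]*) xn=1 ;; *) xn=0 ;; esac
        case $y in [0-9]*) yn=1 ;; *) yn=0 ;; esac
        if [ "$xn" != "$yn" ]; then          # a digit run outranks a letter run
            [ "$xn" = 1 ] && echo 1 || echo -1; return
        elif [ "$xn" = 1 ]; then
            [ "$x" -gt "$y" ] && { echo 1; return; }
            [ "$x" -lt "$y" ] && { echo -1; return; }
        elif [ "$x" != "$y" ]; then
            expr "x$x" \> "x$y" >/dev/null && echo 1 || echo -1; return
        fi
    done
    # All shared segments are equal: the side with segments left over is newer.
    if [ -n "$a" ]; then echo 1; elif [ -n "$b" ]; then echo -1; else echo 0; fi
}

# Succeed when VERSION-RELEASE ($1) is at or above FIXED.
openssh_patched() {
    c=$(vercmp "${1%-*}" "${FIXED%-*}")
    [ "$c" -eq 0 ] && c=$(vercmp "${1##*-}" "${FIXED##*-}")
    [ "$c" -ge 0 ]
}

# Constructed sample values; on a host, pass the output of
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssh
for v in 8.7p1-38.el9 8.7p1-38.el9.alma.1 8.7p1-38.el9.alma.2 8.7p1-38.el9_4.1; do
    if openssh_patched "$v"; then echo "$v: fixed build or newer"
    else echo "$v: older than $FIXED, upgrade openssh"; fi
done
```

The floor used here is only the first patched build; the errata page linked above lists the build currently shipped.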
## Stay Informed
Remaining aware of these vulnerabilities and acting quickly can keep your system and data safe. Follow the AlmaLinux Blog, join the [Mattermost Community Chat](https://chat.almalinux.org/), and subscribe to the [Announce](https://lists.almalinux.org/mailman3/lists/announce.lists.almalinux.org/) and [Security](https://lists.almalinux.org/mailman3/lists/security.lists.almalinux.org/) mailing lists to stay informed and updated.