OpenSSH is a set of free software tools enabling secure communications over a computer network using the SSH protocol.

In particular, this tool enables remote server administration.

Recently, researchers demonstrated that under very specific conditions, when establishing a connection using the SSH protocol, a malicious operator could establish the connection without having the necessary rights. This is due to a desynchronization of controls during connection establishment.

This security flaw could compromise the integrity of a server by a malicious third party.

Fortunately, we were able to count on our packaging and quality assurance teams to quickly take this correction into account and distribute it to users. The Mageia team showed as much responsiveness as larger teams such as Debian, Ubuntu or Fedora.

So don’t delay, and don’t forget to update as packages fixed for CVE-2024-6387 was published on 1^st of July.

Our responsive teams are always on the lookout for support and manpower to ensure timely updates.

If you’d like to maintain a plurality of distributions and, above all, if you like Mageia for its community and warmth, come and reinforce our packaging, quality assurance and communication teams!

Together, let’s continue to make Mageia a responsive, high-quality, high-performance distribution for many years to come.

If you’d like to join one of our teams, please visit the Mageia contribution page.

︎