The CVE-2024-6409 vulnerability affects only the sshd server shipped in RHEL 9, while the upstream versions of sshd are not impacted.
Yes, only RHEL-based releases are affected (source):
Specifically, openssh-7.6p1-audit.patch found in Red Hat’s package of OpenSSH adds code to cleanup_exit() that exposes the issue. Relevantly, this patch is found in RHEL 9 (and its rebuild/downstream distributions), where the package is based on OpenSSH 8.7p1.
Debian oldstable is safe from this as well
Looks like openSUSE Leap is fine, not sure about other SUSE distros.
Flashback xz package in Linux getting louder and louder
xz was a deliberate supply chain attack; this is just a bug, accidental, not a RHEL backdoor.