FreeBSD OpenSSH Product Security Update Advisory (CVE-2024-7589)

Aug 13 2024

Overview

An update has been released to address vulnerabilities in the FreeBSD OpenSSH product. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-7589

FreeBSD 13.3-RELEASE-p5 previous version
FreeBSD 13.3-STABLE previous version
FreeBSD 14.0-RELEASE-p9 previous version
FreeBSD 14.1-RELEASE-p3 previous version
FreeBSD 14.1-STABLE previous version

Resolved Vulnerabilities

A signal handler in sshd(8) calls an asynchronous signal-insecure logging function, which could be exploited by an attacker to allow remote code execution with root privileges (CVE-2024-7589)

Vulnerability Patches

The following product-specific Vulnerability Patches were made available in the August 7, 2024 update.

For more information on Vulnerability Patches, please refer to the “V. Solution” section of the product-specific Referenced Sites documentation.

CVE-2024-7589

FreeBSD 13.3-RELEASE-p5 version
FreeBSD 13.3-STABLE version
FreeBSD 14.0-RELEASE-p9 version
FreeBSD 14.1-RELEASE-p3 version
FreeBSD 14.1-STABLE version

References

[1] CVE-2024-7589 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-7589

[2] OpenSSH pre-authentication async signal safety issue

https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc

FreeBSD OpenSSH Product Security Update Advisory (CVE-2024-7589)

MongoDB Family Security Update Advisory (CVE-2024-7553)

ManageEngine (ADAudit Plus, ADAudit Plus, and others) Family August 2024 Security Update Advisory

Tags:

MongoDB Family Security Update Advisory (CVE-2024-7553)

ManageEngine (ADAudit Plus, ADAudit Plus, and others) Family August 2024 Security Update Advisory