OpenSSH Security Update (MINDBREEZE31597)

ID: MINDBREEZE31597 
Affected Components: Mindbreeze InSpire <= 24.3 Hotfix 1 
Severity: 8.1 High 
Status: Final 
First published: July 3, 2024 
CVEs: CVE-2024-6387 

Summary

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

On the Mindbreeze help website you find instructions to mitigate Mindbreeze InSpire installations prior to 24.3 Hotfix 2.

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 24.3 Hotfix 2 Release 
• Mindbreeze InSpire SaaS 24.3 Hotfix 2 Release