OpenSSH Security Update (MINDBREEZE31597)
ID: MINDBREEZE31597
Affected Components: Mindbreeze InSpire <= 24.3 Hotfix 1
Severity: 8.1 High
Status: Final
First published: July 3, 2024
CVEs: CVE-2024-6387
Summary
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
On the Mindbreeze help website you find instructions to mitigate Mindbreeze InSpire installations prior to 24.3 Hotfix 2.
Hotfix Information
Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
- Mindbreeze InSpire 24.3 Hotfix 2 Release
- Mindbreeze InSpire SaaS 24.3 Hotfix 2 Release