CVE-2024-6387 - mitigation for Rocky Linux 9
TLDR:
The instructions below will disable the security-common repository so that only openssh from sig-security will be used.
The release package can be installed on other Enterprise Linux distributions. See sig-security wiki for more information.
- Install the SIG/Security release file
dnf install rocky-release-security
- Disable SIG/Security security-common repo
dnf config-manager --disable security-common
- Upgrade openssh
dnf --enablerepo=security-common update openssh\*
- Confirm version
openssh-8.7p1-38.el9_4.security.0.5is installed
rpm -q openssh