OpenSSH 9.8 Fixes Critical sshd Vulnerability

OpenSSH 9.8 enhances security, fixing critical race conditions in sshd and logic errors in ssh.

Today, the OpenSSH project announced the release of OpenSSH 9.8, available for download on its official mirrors. This release patched a critical issue (CVE-2024-6387) found in Portable OpenSSH versions 8.5p1 to 9.7p1.

The vulnerability could allow arbitrary code execution with root privileges and particularly affects 32-bit Linux systems with ASLR.

Although the exploit has not been demonstrated on 64-bit systems, the possibility remains, heightening the risk for systems without effective address space layout randomization (ASLR).

Another key fix addresses a logic error, present in versions 9.5 through 9.7, that made the ObscureKeystrokeTiming feature ineffective. This vulnerability could enable a passive observer to detect keystrokes, which is a particular risk when sensitive information such as passwords is being entered.
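To triage an inventory against the two version ranges given above, the following added example (not code from the OpenSSH project or from this article) parses `ssh -V` output or an SSH banner and reports which of the two issues the version falls in range for. The function names and sample strings are constructed for illustration.

```python
import re

# Inclusive (major, minor) ranges exactly as the article states them.
SSHD_RACE = ((8, 5), (9, 7))         # CVE-2024-6387: Portable OpenSSH 8.5p1 to 9.7p1
KEYSTROKE_TIMING = ((9, 5), (9, 7))  # ObscureKeystrokeTiming logic error: 9.5 through 9.7

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(p\d+)?")


def parse_openssh_version(text):
    """Extract (major, minor, portable_suffix) from `ssh -V` output or an SSH banner."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), m.group(3) or ""


def triage(text):
    """Return the parsed version and the article's issues whose range it falls in."""
    parsed = parse_openssh_version(text)
    if parsed is None:
        return {"version": None, "findings": ["unrecognized version string"]}
    major, minor, suffix = parsed
    ver = (major, minor)
    findings = []
    # The article scopes the sshd race to Portable OpenSSH, i.e. a "pN" suffix.
    if suffix and SSHD_RACE[0] <= ver <= SSHD_RACE[1]:
        findings.append("CVE-2024-6387 (sshd race condition)")
    # ObscureKeystrokeTiming is a client feature: meaningful for `ssh -V` output.
    if KEYSTROKE_TIMING[0] <= ver <= KEYSTROKE_TIMING[1]:
        findings.append("ObscureKeystrokeTiming ineffective (ssh client)")
    return {"version": f"{major}.{minor}{suffix}", "findings": findings}


if __name__ == "__main__":
    # Constructed sample strings, not captured from real hosts.
    samples = [
        "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
        "OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1w",
        "OpenSSH_9.8p1, OpenSSL 3.0.13",
    ]
    for s in samples:
        print(s, "->", triage(s))
```

Distributions often backport fixes without changing the upstream version number, so a match here is a prompt to check the vendor's advisory and package changelog, not proof that a host is exposed.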

As we informed you in January, OpenSSH plans to completely phase out support for the DSA signature algorithm by early 2025. This version has already disabled DSA keys by default due to their inherent weaknesses and outdated technology. Users requiring DSA can re-enable it via specific build options detailed in the release notes.

Moreover, OpenSSH 9.8 introduces a new penalty system in sshd, blocking addresses showing suspicious behaviors such as repeated failed authentication attempts. This feature aims to enhance security by reducing the risk of brute-force attacks.

Alongside these enhancements, the update includes numerous bug fixes across its suite of tools and a few potentially incompatible changes, such as the removal of certain deprecated features and changes in server behavior.

Lastly, the release also focuses on system compatibility and build improvements, ensuring broader support across different systems and configurations. Notably, it enhances detection capabilities for OpenSSL configurations and introduces changes to support notifications for systemd in environments that use it.

Check out the release announcement for detailed information about all changes in OpenSSH 9.8.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.
