Important Notice: Security vulnerability of OpenSSH (updated at 5 July 2024)

關於 OpenSSH 的安全漏洞通告 (更新於 2024年7月5日)

 2024-07-05     ICTO     Bulletin / 公告    (Expired/已過期)

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), OpenSSH have recently issued remote code execution vulnerability about its products.  A remote attacker can exploit this vulnerability to trigger remote execute arbitrary code and bypass security restrictions. Furthermore, this vulnerability is widely exploited.

Affected products are: OpenSSH < 4.4p1 and 8.5p1 <= OpenSSH < 9.8p1

If the relevant affected products are used, users must install security updates that is officially released by OpenSSH as soon as possible.

For more details, please refer to: 
https://www.openssh.com/releasenotes.html
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,OpenSSH 官方 近日發出有關於其產品遠端程式碼執行
漏洞 遠端攻擊者可利用這漏洞,於目標系統觸發遠端執行任意程式碼及繞過保安限制 。 此外, 該漏洞亦正在被廣泛利用。

受影響產品為: OpenSSH < 4.4p1 和 8.5p1 <= OpenSSH < 9.8p1 

倘有使用相關受影響產品,用戶須盡快安裝由 OpenSSH 官方釋出的安全更新

有關詳情可參考:
https://www.openssh.com/releasenotes.html
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部