VDB
JLSEC-2026-71
JLSEC-2026-71
PUBLISHED
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Julia | OpenSSH_jll | 8.9.0+0, 8.9.0+0 |
Timeline
- Apr 9, 2026 CVE Published
- Apr 9, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
References
- https://access.redhat.com/errata/RHSA-2024:4312 url
- https://access.redhat.com/errata/RHSA-2024:4340 url
- https://access.redhat.com/errata/RHSA-2024:4389 url
- https://access.redhat.com/errata/RHSA-2024:4469 url
- https://access.redhat.com/errata/RHSA-2024:4474 url
- https://access.redhat.com/errata/RHSA-2024:4479 url
- https://access.redhat.com/errata/RHSA-2024:4484 url
- https://access.redhat.com/security/cve/CVE-2024-6387 url
- https://bugzilla.redhat.com/show_bug.cgi?id=2294604 url
- https://santandersecurityresearch.github.io/blog/sshing_the_masses.html url
- https://www.openssh.com/txt/release-9.8 url
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt url
- http://seclists.org/fulldisclosure/2024/Jul/18 url
- http://seclists.org/fulldisclosure/2024/Jul/19 url
- http://seclists.org/fulldisclosure/2024/Jul/20 url
- http://www.openwall.com/lists/oss-security/2024/07/01/12 url
- http://www.openwall.com/lists/oss-security/2024/07/01/13 url
- http://www.openwall.com/lists/oss-security/2024/07/02/1 url
- http://www.openwall.com/lists/oss-security/2024/07/03/1 url
- http://www.openwall.com/lists/oss-security/2024/07/03/11 url
…and 59 more