What to do about SSH vulnerability, CVE-2024-6387

Hi guys,

just found out about the new OpenSSH vulnerability… My ssh -V is outputting OpenSSH_8.4p1 Debian-5+deb11u3, OpenSSL 1.1.1w 11 Sep 2023 which is unsafe. What should be done to update to a patched version?

Cheers

Edit: Just found out that versions 8.5p1 (and above) are the ones vulnerable. Make sure you check your ssh version!

According to CVE-2024-6387, Debian 11 / Bullseye is “not affected”

6 Likes
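
The version check discussed in this thread, as an added example (not part of the original posts): a small script that parses an `ssh -V` banner and compares it with the 8.5p1 threshold mentioned above. The function names and the "in-range" / "below-range" labels are made up for this example, and because distributions backport fixes without changing the upstream version, "in-range" only means the package revision still has to be checked against the distribution's advisory.

```shell
#!/bin/sh
# Threshold taken from the thread: 8.5p1 and above are the releases to look at.
THRESHOLD_MAJOR=8
THRESHOLD_MINOR=5

# Extract "MAJOR.MINOR" from a banner such as
# "OpenSSH_8.4p1 Debian-5+deb11u3, OpenSSL 1.1.1w 11 Sep 2023".
# Prints nothing if the banner does not start with OpenSSH_<digits>.<digits>.
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Classify a banner. Prints one of:
#   below-range  upstream version is older than 8.5
#   in-range     8.5 or newer; confirm the package revision with the distro advisory
#   unknown      banner could not be parsed
classify_banner() {
    ver=$(openssh_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver%%.*}
    minor=${ver#*.}
    # Compare numerically so that e.g. 8.10 sorts above 8.5.
    if [ "$major" -gt "$THRESHOLD_MAJOR" ] ||
       { [ "$major" -eq "$THRESHOLD_MAJOR" ] && [ "$minor" -ge "$THRESHOLD_MINOR" ]; }; then
        echo in-range
    else
        echo below-range
    fi
}

# When ssh is installed, classify the local banner (ssh -V writes to stderr).
if command -v ssh >/dev/null 2>&1; then
    banner=$(ssh -V 2>&1) || banner=""
    printf '%s -> %s\n' "$banner" "$(classify_banner "$banner")"
fi
```

`ssh -V` reports the client binary, while CVE-2024-6387 is a flaw in the server (sshd), so also confirm the installed revision of the server package.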