We would like to inform you of a recent security vulnerability (CVE-2024-6387), which has been discovered in the OpenSSH component (versions 8.5p1 to 9.7p1) impacting operating systems based on Red Hat 9 (CentOS Stream, Rocky Linux, AlmaLinux).

This vulnerability would allow an unauthenticated attacker to remotely execute code with root privileges. The exploit has so far only been proven on 32-bit systems.
However, it is important to note that to exploit this flaw, continuous connections of 6 to 8 hours are required.

As part of our migration plan to Alma Linux, we would like to assure you that security is a priority.

The old GoFAST architecture using the CentOS operating system is not impacted; under Almalinux (the new architecture), we have updated the package to correct this vulnerability.

Best regards,

Léa Angelloz

Useful link: https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-009/