Hello, Community! Today Qualys's security team has disclosed a remotely exploitable vulnerability in OpenSSH server. It was assigned CVE-2024-6387 number and nicknamed "regreSSHion" because its cause is an accidental removal of code that fixed a much earlier vulnerability back in 2006. It affects OpenSSH versions older than 4.4p1 and versions between 8.5p1 and 9.8p1. VyOS 1.3.8 includes OpenSSH 7.9p1 and thus isn't vulnerable. VyOS 1.4.0 includes 9.2p1 and will need a patch to remain secure.
