The open source project openssh, which is a remote access service used by many customers of JCloud, recently contained a critical security vulnerability allowing RCE remote code execution caused by its signal handler during pre-authentication and before chroot/privilege seperation was performed.

The vulnerability is unlikely to be triggered on 64bit systems, but likely on 32bit.

The vulnerability has been patched in version 9.8p1.

Note that JCloud do not use SSH. It is only used by customers.

CVE-2024-6387

2024-07-01