关于漏洞的详细说明,参考Rocky官方文档:https://rockylinux.org/news/2024-07-01-openssh-sigalrm-regression
修复方法
升级OpenSSH包到Rocky官方提供的修复版本 openssh-8.7p1-38.1.el9_4.security.0.7
即可。方法如下:
dnf install -y rocky-release-security
dnf config-manager --disable security-common
dnf --enablerepo=security-common update openssh
确认OpenSSH包已更新
# rpm -qa | grep openssh
openssh-8.7p1-38.1.el9_4.security.0.7.x86_64
openssh-server-8.7p1-38.1.el9_4.security.0.7.x86_64
openssh-clients-8.7p1-38.1.el9_4.security.0.7.x86_64
如果你是基于Rocky Linux自己定制的ISO, 可以用如下命令下载OpenSSH的升级包:
yum install -y yum-utils
dnf config-manager --enable security-common
yumdownloader --downloadonly --downloaddir=./ openssh-8.7p1-38.1.el9_4.security.0.7.x86_64
yumdownloader --downloadonly --downloaddir=./ openssh-server-8.7p1-38.1.el9_4.security.0.7.x86_64
yumdownloader --downloadonly --downloaddir=./ openssh-clients-8.7p1-38.1.el9_4.security.0.7.x86_64