HCE2-SA-2024-0247 Important HCE 2.0 Security Fix(es): A race condition vulnerability was discovered in how signals are handled by OpenSSH_x27;s server (sshd). If a remote attacker does not authenticate within a set time period, then sshd_x27;s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. (CVE-2024-6409) HCE 2.0 openssh-8.8p1-2.r35.hce2.aarch64.rpm openssh-askpass-8.8p1-2.r35.hce2.aarch64.rpm openssh-clients-8.8p1-2.r35.hce2.aarch64.rpm openssh-help-8.8p1-2.r35.hce2.noarch.rpm openssh-keycat-8.8p1-2.r35.hce2.aarch64.rpm openssh-server-8.8p1-2.r35.hce2.aarch64.rpm pam_ssh_agent_auth-0.10.4-4.2.r35.hce2.aarch64.rpm openssh-8.8p1-2.r35.hce2.x86_64.rpm openssh-askpass-8.8p1-2.r35.hce2.x86_64.rpm openssh-clients-8.8p1-2.r35.hce2.x86_64.rpm openssh-keycat-8.8p1-2.r35.hce2.x86_64.rpm openssh-server-8.8p1-2.r35.hce2.x86_64.rpm pam_ssh_agent_auth-0.10.4-4.2.r35.hce2.x86_64.rpm