Upgrade ssh from SIG/security to fix CVE-2024-6387 (#404)

* upgrade ssh from SIG/security to fix CVE-2024-6387 * refactor ssh update from sig/security to work on existing fatimage
stackhpc · Jul 2, 2024 · 9b8ff9f · 9b8ff9f
1 parent 3602dc9
commit 9b8ff9f
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml
@@ -157,6 +157,20 @@
   tags:
     - update
   tasks:
+    - name: Install SIG/security release repo
+      dnf:
+        name: rocky-release-security
+    - name: Update openssh
+      dnf:
+        name:
+          - openssh
+          - openssh-askpass
+          - openssh-clients
+          - openssh-server
+        state: latest
+        update_only: true
+        enablerepo:
+          - security-common
     - block:
       - name: Update selected packages
         yum: