Urgent Maintenance for all Stacks: Brief Interruption to SSH Sessions and Database Tunnels - CVE-2024-6387 (RegreSSHion)
Scheduled Maintenance Report for Aptible
Completed
Maintenance is complete, and updated services vulnerable to CVE-2024-6387 (RegreSSHion) across all stacks.

RegreSSHion is a vulnerability in OpenSSH disclosed on July 1, 2024, with no known public exploit at the time of this maintenance. Aptible performed an assessment of our systems on July 1 related to this CVE, and addressed any required patching as a part of this maintenance.

For more information on CVE-2024-6387, refer to: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

Aptible continues to monitor the situation around RegreSSHion.

Update 7/8/2024: Aptible is aware of the related vulnerability CVE-2024-6409 and has determined no further maintenance is necessary.
Posted Jul 01, 2024 - 11:57 EDT
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Jul 01, 2024 - 10:49 EDT
Scheduled
Our team will be performing an urgent update on bastion hosts for all Stacks. The expected impact is that Ephemeral SSH sessions and Database Tunnels will be disconnected, but should immediately be available to reconnect. Operation logs being streamed via the CLI will also be interrupted, but the Operations will continue without being impacted.

App connectivity, Database connectivity, and internet connectivity will not be impacted by this maintenance.

The expected duration of impact of each stack is approximately 5 minutes.
Posted Jul 01, 2024 - 10:48 EDT
This scheduled maintenance affected: Aptible Deploy.