Dear Support Team,
I hope this message finds you well.
I am writing to inquire about the responsibility for patching or updating the OpenSSH server to address potential vulnerabilities, specifically in relation to the recent regreSSHion CVE-2024-6387 issue. Could you please clarify whether it is the client's responsibility to manage these updates, or if the GCP support team handles them?
Thank you for your assistance.
Best regards,
Hi Meiram,
I'm just a fellow GCP user like you. But from what I can infer, it depends on the type of cloud service that GCP offers (IaaS, PaaS, etc.). The shared responsibility & shared fate model still applies: https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate#shared_re...
In Compute Engine, we (users) are obligated to update it as soon as the patch becomes available in the Linux distribution's repo. So it is not GCP's responsibility to do the update or make the updates available to you. https://cloud.google.com/compute/docs/security-bulletins#gcp-2024-040
While in GKE, GCP directly asks us to follow the guidelines outlined here: https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2024-040-gke
Regards,
Iza