Upgrade ssh from SIG/security to fix CVE-2024-6387 (#404)

sjpb · MaxBed4d · commit 18faae443f03 · 2024-10-15T14:51:50.000Z
* upgrade ssh from SIG/security to fix CVE-2024-6387 * refactor ssh update from sig/security to work on existing fatimage
diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml
@@ -157,6 +157,20 @@
   tags:
     - update
   tasks:
+    - name: Install SIG/security release repo
+      dnf:
+        name: rocky-release-security
+    - name: Update openssh
+      dnf:
+        name:
+          - openssh
+          - openssh-askpass
+          - openssh-clients
+          - openssh-server
+        state: latest
+        update_only: true
+        enablerepo:
+          - security-common
     - block:
       - name: Update selected packages
         yum:
