CVE-2024-6387 details a flaw in OpenSSH that could *potentially* give an attacker a root shell in "6-8 hours"

It's not in MITRE yet, but Qualys have named it "regreSSHion" and you can read about it on their site

There's an updated package in Debian already, but it looks like the information's still embargoed (even the openssh package changelog is 404ing) so I can only *assume* they've fixed it but can't tell anyone yet (it wasn't on security.debian.org just now either

This is probably an update you don't want to be sleeping on