OpenSSH_8.9p1 in GitLab docker image gitlab-ee:16.11.5-ee.0 vulnerable to regreSSHion (CVE-2024-6387)

Summary

The official GitLab docker image docker.io/gitlab/gitlab-ee:16.11.5-ee.0 ships with OpenSSH_8.9p1 Ubuntu-3ubuntu0.7, OpenSSL 3.0.2 15 Mar 2022.

According to https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server this version is vulnerable to CVE-2024-6387, which allows remote unauthenticated code execution (RCE).

Steps to reproduce

ssh -V
OpenSSH_8.9p1 Ubuntu-3ubuntu0.7, OpenSSL 3.0.2 15 Mar 2022
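As an added example (not part of the original report or of GitLab's code), the script below parses an `ssh -V` line or an SSH server banner and classifies the upstream OpenSSH version against the ranges published in the cited Qualys advisory. It assumes that a distro suffix such as Ubuntu's `-3ubuntu0.7` may carry a backported fix, so a hit on the affected range is reported as something to verify against the vendor's security notice rather than as a final verdict.

```python
import re
import subprocess
from typing import NamedTuple, Optional

# Upstream ranges from the Qualys regreSSHion advisory: < 4.4p1 is affected unless already
# patched for CVE-2006-5051 / CVE-2008-4109; 4.4p1..8.4p1 is not affected; 8.5p1..9.7p1 is
# affected (the regression); 9.8p1 carries the upstream fix.
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?(?:\s+([^\s,]+))?")

class SshVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    vendor: Optional[str]  # distro suffix such as "Ubuntu-3ubuntu0.7"; may carry a backported fix

def parse_openssh_version(text: str) -> Optional[SshVersion]:
    """Parse 'ssh -V' output or an 'SSH-2.0-OpenSSH_...' server banner."""
    m = BANNER_RE.search(text)
    if not m:
        return None
    return SshVersion(int(m[1]), int(m[2]), int(m[3] or 0), m[4])

def upstream_status(v: SshVersion) -> str:
    """Classify the upstream version only; distro patch level is handled in assess()."""
    ver = (v.major, v.minor)
    if ver < (4, 4):
        return "affected-unless-patched"
    if ver < (8, 5):
        return "not-affected"
    if ver < (9, 8):
        return "affected"
    return "not-affected"

def assess(text: str) -> dict:
    v = parse_openssh_version(text)
    if v is None:
        return {"status": "unknown", "reason": "no OpenSSH version string found"}
    status = upstream_status(v)
    result = {"version": f"{v.major}.{v.minor}p{v.patch}", "vendor": v.vendor, "status": status}
    if status == "affected" and v.vendor:
        # Distros backport fixes without bumping the upstream version, so the banner alone
        # cannot confirm exposure: compare the vendor revision against the vendor's security notice.
        result["reason"] = "upstream range affected; verify distro revision against vendor advisory"
    return result

if __name__ == "__main__":
    print(assess("OpenSSH_8.9p1 Ubuntu-3ubuntu0.7, OpenSSL 3.0.2 15 Mar 2022"))  # banner from this report
    try:  # then the locally installed client, the same check the report's reproduction step uses
        proc = subprocess.run(["ssh", "-V"], capture_output=True, text=True)
        print(assess(proc.stderr or proc.stdout))  # ssh -V prints its version to stderr
    except FileNotFoundError:
        print({"status": "unknown", "reason": "ssh binary not found"})
```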

What is the current bug behavior?

The GitLab docker image ships with OpenSSH_8.9p1, which is vulnerable to CVE-2024-6387.

What is the expected correct behavior?

Build the image on a base image with an updated openssh package.

Relevant logs

Details of package version

n/a