diff --git a/openssh-9.8p1-upstream-cve-2024-6387.patch b/openssh-9.8p1-upstream-cve-2024-6387.patch
new file mode 100644
index 0000000..754d279
--- /dev/null
+++ b/openssh-9.8p1-upstream-cve-2024-6387.patch
@@ -0,0 +1,18 @@
+diff -up openssh-8.7p1/log.c.xxx openssh-8.7p1/log.c
+--- openssh-8.7p1/log.c.xxx 2024-06-28 11:02:43.949912398 +0200
++++ openssh-8.7p1/log.c 2024-06-28 11:02:58.652297885 +0200
+@@ -455,12 +455,14 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+ LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+ va_list args;
+
+ va_start(args, fmt);
+ sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ suffix, fmt, args);
+ va_end(args);
++#endif
+ _exit(1);
+ }
+
diff --git a/openssh.spec b/openssh.spec
index bb29732..714286a 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -47,7 +47,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.7p1
-%global openssh_rel 41
+%global openssh_rel 42
%global pam_ssh_agent_ver 0.10.4
%global pam_ssh_agent_rel 5
@@ -292,6 +292,7 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
Patch1019: openssh-9.6p1-CVE-2023-51385.patch
#upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c
Patch1020: openssh-8.7p1-sigpipe.patch
+Patch1021: openssh-9.8p1-upstream-cve-2024-6387.patch
License: BSD
Requires: /sbin/nologin
@@ -517,6 +518,7 @@ popd
%patch1018 -p1 -b .cve-2023-48795
%patch1019 -p1 -b .cve-2023-51385
%patch1020 -p1 -b .earlypipe
+%patch1021 -p1 -b .cve-2024-6387
autoreconf
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@@ -804,6 +806,10 @@ test -f %{sysconfig_anaconda} && \
%endif
%changelog
+* Thu Jul 04 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-42
+- Possible remote code execution due to a race condition (CVE-2024-6387)
+ Resolves: RHEL-45348
+
* Mon Jun 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-41
- Fix ssh multiplexing connect timeout processing
Resolves: RHEL-37748