
A new remote code execution vulnerability (CVE-2024-6409) has been discovered in OpenSSH, affecting the OpenSSH 8.7p1 and 8.8p1 packages shipped with RHEL 9, as well as unmaintained Fedora releases. The vulnerability, discovered by solardiz, allows remote code execution via a race condition in the privsep child process. Active exploits have been detected; this bug is distinct from CVE-2024-6387 but shares similarities with it. Separately, GitLab has patched a critical vulnerability (CVE-2024-6385), rated CVSS 9.6, that allowed attackers to run pipeline jobs as any user. GitLab urges users to upgrade immediately to mitigate the risk.

GitLab: Critical bug lets attackers run pipelines as other users https://t.co/2SxNRH97la
GitLab Patches Critical Security Vulnerability (CVE-2024-6385), Urges Immediate Upgrade https://t.co/i8iAgLj0s0
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs https://t.co/VXqV2gTG9F