diff --git a/SOURCES/openssh-8.7p1-rocky-CVE-2024-6409.patch b/SOURCES/openssh-8.7p1-rocky-CVE-2024-6409.patch
deleted file mode 100644
index 92e9d6a8a7fc4cc81bc6c35c0645a55511687c85..0000000000000000000000000000000000000000
--- a/SOURCES/openssh-8.7p1-rocky-CVE-2024-6409.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -urp openssh-8.7p1-38.el9_4.1-tree.orig/sshd.c openssh-8.7p1-38.el9_4.1-tree/sshd.c
---- openssh-8.7p1-38.el9_4.1-tree.orig/sshd.c	2024-07-08 03:42:51.431994307 +0200
-+++ openssh-8.7p1-38.el9_4.1-tree/sshd.c	2024-07-08 03:48:13.860316451 +0200
-@@ -384,7 +384,7 @@ grace_alarm_handler(int sig)
- 
- 	/* Log error and exit. */
- 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
--		cleanup_exit(255); /* don't log in privsep child */
-+		_exit(1); /* don't log in privsep child */
- 	else {
- 		sigdie("Timeout before authentication for %s port %d",
- 		    ssh_remote_ipaddr(the_active_state),
diff --git a/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch b/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch
index 754d279ec2fe81920febfb56e28c360a6fd4e0cd..fffd50a0951de858c3ecc3efdce8bf09f4f68db3 100644
--- a/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch
+++ b/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch
@@ -16,3 +16,15 @@ diff -up openssh-8.7p1/log.c.xxx openssh-8.7p1/log.c
  	_exit(1);
  }
  
+diff -up openssh-8.7p1/sshd.c.xxx openssh-8.7p1/sshd.c
+--- openssh-8.7p1/sshd.c.xxx	2024-07-01 10:33:04.332907749 +0200
++++ openssh-8.7p1/sshd.c	2024-07-01 10:33:47.843998038 +0200
+@@ -384,7 +384,7 @@ grace_alarm_handler(int sig)
+ 
+ 	/* Log error and exit. */
+ 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
+-		cleanup_exit(255); /* don't log in privsep child */
++		_exit(255); /* don't log in privsep child */
+ 	else {
+ 		sigdie("Timeout before authentication for %s port %d",
+ 		    ssh_remote_ipaddr(the_active_state),
diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec
index ee88f6820969dea6ad9f64731dd820d439f4689b..c3b6e92694edada10e3230eefd59993aec60789b 100644
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
@@ -47,10 +47,10 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 38.1
+%global openssh_rel 38.4
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 5
-%global security_rel 0.7
+%global security_rel 0.8
 
 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
@@ -291,8 +291,6 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
 Patch1019: openssh-9.6p1-CVE-2023-51385.patch
 Patch1020: openssh-9.8p1-upstream-cve-2024-6387.patch
 
-Patch8901: openssh-8.7p1-rocky-CVE-2024-6409.patch
-
 Patch9000: openssh-8.7p1-rocky-systemd.patch
 Patch9001: openssh-8.7p1-rocky-no-gssapi.patch
 
@@ -521,8 +519,6 @@ popd
 %patch1019 -p1 -b .cve-2023-51385
 %patch1020 -p1 -b .cve-2024-6387
 
-%patch8901 -p1 -b .cve-2024-6409
-
 %patch9000 -p1 -b .rocky-systemd
 %patch9001 -p1 -b .rocky-no-gssapi
 
@@ -812,6 +808,9 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Wed Jul 17 2024 Solar Designer <solar@openwall.com> 8.7p1-38.4.el9_4.security.0.8
+- Rebase on 8.7p1-38.4
+
 * Mon Jul 08 2024 Solar Designer <solar@openwall.com> 8.7p1-38.1.el9_4.security.0.7
 - Fix CVE-2024-6409
 
@@ -845,6 +844,16 @@ test -f %{sysconfig_anaconda} && \
   child process to avoid polluting actual sshd's address space with that
   library and its many dependencies (shortens "ldd sshd" from 28 to 20 lines)
 
+* Wed Jul 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38.4
+- rebuilt
+
+* Wed Jul 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38.3
+- rebuilt
+
+* Mon Jul 01 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38.2
+- Possible remote code execution due to a race condition (CVE-2024-6409)
+  Resolves: RHEL-45740
+
 * Fri Jun 28 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38.1
 - Possible remote code execution due to a race condition (CVE-2024-6387)
   Resolves: RHEL-45347