diff --git a/SOURCES/openssh-8.7p1-rocky-CVE-2024-6387.patch b/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch
similarity index 59%
rename from SOURCES/openssh-8.7p1-rocky-CVE-2024-6387.patch
rename to SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch
index 171f735b5eb4ac3a9cc7e9850b188a67a1705715..754d279ec2fe81920febfb56e28c360a6fd4e0cd 100644
--- a/SOURCES/openssh-8.7p1-rocky-CVE-2024-6387.patch
+++ b/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch
@@ -1,7 +1,7 @@
-diff -urpN openssh-8.7p1.orig/log.c openssh-8.7p1/log.c
---- openssh-8.7p1.orig/log.c	2021-08-20 06:03:49.000000000 +0200
-+++ openssh-8.7p1/log.c	2024-07-01 12:26:30.381040908 +0200
-@@ -448,12 +448,14 @@ void
+diff -up openssh-8.7p1/log.c.xxx openssh-8.7p1/log.c
+--- openssh-8.7p1/log.c.xxx	2024-06-28 11:02:43.949912398 +0200
++++ openssh-8.7p1/log.c	2024-06-28 11:02:58.652297885 +0200
+@@ -455,12 +455,14 @@ void
  sshsigdie(const char *file, const char *func, int line, int showfunc,
      LogLevel level, const char *suffix, const char *fmt, ...)
  {
diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec
index 34633d227fc12828da29a919aee31e9bfa0b3994..9d62d37a098c9458b4d5556733c8073b80dd4c4b 100644
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
@@ -47,10 +47,10 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 38
+%global openssh_rel 38.1
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 5
-%global security_rel 0.5
+%global security_rel 0.6
 
 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
@@ -289,8 +289,7 @@ Patch1017: openssh-9.4p2-limit-delay.patch
 Patch1018: openssh-9.6p1-CVE-2023-48795.patch
 #upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a
 Patch1019: openssh-9.6p1-CVE-2023-51385.patch
-
-Patch8900: openssh-8.7p1-rocky-CVE-2024-6387.patch
+Patch1020: openssh-9.8p1-upstream-cve-2024-6387.patch
 
 Patch9000: openssh-8.7p1-rocky-systemd.patch
 Patch9001: openssh-8.7p1-rocky-no-gssapi.patch
@@ -518,8 +517,7 @@ popd
 %patch1017 -p1 -b .limitdelay
 %patch1018 -p1 -b .cve-2023-48795
 %patch1019 -p1 -b .cve-2023-51385
-
-%patch8900 -p1 -b .rocky-cve-2024-6387
+%patch1020 -p1 -b .cve-2024-6387
 
 %patch9000 -p1 -b .rocky-systemd
 %patch9001 -p1 -b .rocky-no-gssapi
@@ -810,6 +808,9 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Mon Jul 08 2024 Solar Designer <solar@openwall.com> 8.7p1-38.1.el9_4.security.0.6
+- Rebase on 8.7p1-38.1
+
 * Mon Jul 01 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.5
 - Fix CVE-2024-6387 regreSSHion
 
@@ -837,6 +838,10 @@ test -f %{sysconfig_anaconda} && \
   child process to avoid polluting actual sshd's address space with that
   library and its many dependencies (shortens "ldd sshd" from 28 to 20 lines)
 
+* Fri Jun 28 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38.1
+- Possible remote code execution due to a race condition (CVE-2024-6387)
+  Resolves: RHEL-45347
+
 * Fri Jan 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38
 - Fix Terrapin attack
   Resolves: CVE-2023-48795