diff --git a/images/ubuntu/templates/ubuntu-22.04.arm64.pkr.hcl b/images/ubuntu/templates/ubuntu-22.04.arm64.pkr.hcl
index 4a1b25a8a2a7..3ae97459c26b 100644
--- a/images/ubuntu/templates/ubuntu-22.04.arm64.pkr.hcl
+++ b/images/ubuntu/templates/ubuntu-22.04.arm64.pkr.hcl
@@ -359,6 +359,12 @@ build {
     scripts          = ["${path.root}/../scripts/ubicloud/setup-runner-user.sh"]
   }
 
+  // Update OpenSSH (https://ubuntu.com/security/CVE-2024-6387)
+  provisioner "shell" {
+    execute_command = "sudo sh -c '{{ .Vars }} {{ .Path }}'"
+    inline          = ["sudo apt-get update -qq && sudo apt -qq -y satisfy 'openssh-server (>= 1:8.9p1-3ubuntu0.10)'"]
+  }
+
   // It's Hyper-V Key Value Pair daemon, which is not needed in Ubicloud
   // It blocks booting the VM if it's not disabled
   provisioner "shell" {
diff --git a/images/ubuntu/templates/ubuntu-22.04.gpu.pkr.hcl b/images/ubuntu/templates/ubuntu-22.04.gpu.pkr.hcl
index 25f8211fca1f..87c3165af8e3 100644
--- a/images/ubuntu/templates/ubuntu-22.04.gpu.pkr.hcl
+++ b/images/ubuntu/templates/ubuntu-22.04.gpu.pkr.hcl
@@ -378,6 +378,12 @@ build {
     inline          = ["sleep 30"]
   }
 
+  // Update OpenSSH (https://ubuntu.com/security/CVE-2024-6387)
+  provisioner "shell" {
+    execute_command = "sudo sh -c '{{ .Vars }} {{ .Path }}'"
+    inline          = ["sudo apt-get update -qq && sudo apt -qq -y satisfy 'openssh-server (>= 1:8.9p1-3ubuntu0.10)'"]
+  }
+
   // It's Hyper-V Key Value Pair daemon, which is not needed in Ubicloud
   // It blocks booting the VM if it's not disabled
   provisioner "shell" {
diff --git a/images/ubuntu/templates/ubuntu-22.04.pkr.hcl b/images/ubuntu/templates/ubuntu-22.04.pkr.hcl
index 8a6946d1fac6..b5ec2986bf37 100644
--- a/images/ubuntu/templates/ubuntu-22.04.pkr.hcl
+++ b/images/ubuntu/templates/ubuntu-22.04.pkr.hcl
@@ -433,6 +433,12 @@ build {
     scripts          = ["${path.root}/../scripts/ubicloud/setup-runner-user.sh"]
   }
 
+  // Update OpenSSH (https://ubuntu.com/security/CVE-2024-6387)
+  provisioner "shell" {
+    execute_command = "sudo sh -c '{{ .Vars }} {{ .Path }}'"
+    inline          = ["sudo apt-get update -qq && sudo apt -qq -y satisfy 'openssh-server (>= 1:8.9p1-3ubuntu0.10)'"]
+  }
+
   // It's Hyper-V Key Value Pair daemon, which is not needed in Ubicloud
   // It blocks booting the VM if it's not disabled
   provisioner "shell" {