Hardware, Installation, Up2Date, Licensing OpenSSH version upgrade

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 4 replies
Subscribers 5 subscribers
Views 4728 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenSSH version upgrade

Max Zuniga over 5 years ago

Did Sophos already release a fix for these CVEs?

CVE-2015-5600, CVE-2015-6563, CVE-2015-6564

CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-8858.

These are considered vulnerability and what was advised to us is to perform patching or upgrade for OpenSSH. However, only Sophos can do that.

Feedbacks are highly appreciated.

This thread was automatically locked due to age.

Parents

0 Harro Verton over 5 years ago

The CVE's fixed are usually listed in the release notes, so these could be searched?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Harro Verton over 5 years ago

The CVE's fixed are usually listed in the release notes, so these could be searched?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BAlfson over 5 years ago in reply to Harro Verton

I just checked that Harro, and it looks like most of those CVEs were from before the Up2Date blog was started. I looked for 2016-8858 and didn't find it either. Then I searched in general for it and found that OpenSSH doesn't consider the CVE correct and did nothing about it. As MBP said, most of those scanners are blunt knives, not honed, surgical steel. ;-)

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel