This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenSSH version upgrade

Did Sophos already release a fix for these CVEs?

 

CVE-2015-5600, CVE-2015-6563, CVE-2015-6564

CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-8858.

 

These are considered vulnerability and what was advised to us is to perform patching or upgrade for OpenSSH. However, only Sophos can do that.

 

Feedbacks are highly appreciated.

 



This thread was automatically locked due to age.
Parents Reply Children
  • I just checked that Harro, and it looks like most of those CVEs were from before the Up2Date blog was started.  I looked for 2016-8858 and didn't find it either.  Then I searched in general for it and found that OpenSSH doesn't consider the CVE correct and did nothing about it.  As MBP said, most of those scanners are blunt knives, not honed, surgical steel. ;-)

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA