[Bug 1891123] Re: Openssh vulnerability on ubuntu 16.04

2020-08-10 Thread Sowmya Divvi
** Summary changed:

- This is regarding the openssh vulnerability reported in our environment 
during security scan. Our environment base is ubuntu 16.04 Xenial.
+ Openssh vulnerability on ubuntu 16.04

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1891123

Title:
  Openssh vulnerability on ubuntu 16.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1891123/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1891123] [NEW] Openssh vulnerability on ubuntu 16.04

2020-08-10 Thread Sowmya Divvi
Public bug reported:

Hi

This is regarding the openssh vulnerability reported in our environment during a security scan.
Our environment base is Ubuntu 16.04 Xenial.

The vulnerability report says that openssh is vulnerable in 16.04.
It says:
** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x 
through 7.3 allows remote attackers to cause a denial of service (memory 
consumption) by sending many duplicate KEXINIT requests.
NOTE: a third party reports that "OpenSSH upstream does not consider this as a 
security issue."

As per the link below, this is ignored on 16.04. But as per the vulnerability scan in our environment, this is reported as a high priority issue.
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8858.html

And this vulnerability is reported to be fixed from Ubuntu 18.04 releases, in openssh 7.3 and later versions.
But in 16.04 the latest openssh version is 7.2, as per
https://launchpad.net/ubuntu/xenial/+source/openssh

Can we even expect to get this openssh vulnerability fixed in 16.04?

Best Regards,
Sowmya Divvi

** Affects: openssh (Ubuntu)
 Importance: Undecided
 Status: New


[Bug 1284348] Re: Worker engine should not be testing against LOG calls

2020-06-10 Thread Sowmya Divvi
** Project changed: taskflow => heat (Ubuntu)

** Changed in: heat (Ubuntu)
Milestone: 0.6.0 => None

** Package changed: heat (Ubuntu) => ubuntu

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1284348

Title:
  Worker engine should not be testing against LOG calls

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/1284348/+subscriptions
