** Summary changed: - This is regarding the openssh vulnerability reported in our environment during security scan. Our environment base is ubuntu 16.04 Xenial. + Openssh vulnerability on ubuntu 16.04
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1891123 Title: Openssh vulnerability on ubuntu 16.04 Status in openssh package in Ubuntu: New Bug description: Hi This is regarding the openssh vulnerability reported in our environment during security scan. Our environment base is ubuntu 16.04 Xenial. Vulnerability report says that openssh is vulnerable in 16.04. It says: ** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." As per below link this is ignored on 16.04. But as per the vulnerability scan in our environment this is reported as high priority issue. https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8858.html And this Vulnerability is reported to be fixed from 18.04 ubuntu releases in openssh 7.3 later versions. But in 16.04 the latest openssh version is of 7.2 As per https://launchpad.net/ubuntu/xenial/+source/openssh Can we even expect to be get this openssh vulnerability fixed even in 16.04? Best Regards, Sowmya Divvi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1891123/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
