Re: Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565

Thanks a lot guys for the pointers.

Regards
Abhishek
On 14-Mar-2016 11:30 pm, "Philip Hands" <phil@xxxxxxxxx> wrote:

> abhi dhiman <abhi.dhiman83@xxxxxxxxx> writes:
>
> > Hi All,
> >
> > Actually I am working with the OpenSSH version 6.2p which is vulnerable
> > to above mentioned vulnerabilities.
>
> Are you sure?
>
> I was going to suggest that you take a look at Debian's packages, such
> as the 6.0p1 package from "wheezy", but looking at the changelog, I only
> see mention of CVE-2008-1483:
>
>
> http://metadata.ftp-master.debian.org/changelogs/main/o/openssh/openssh_6.0p1-4+deb7u3_changelog
>
> Likewise for 6.6p1:
>
>
> http://metadata.ftp-master.debian.org/changelogs/main/o/openssh/openssh_6.6p1-4~bpo70+1_changelog
>
> Note that CVE-2008-1483 was fixed in Debian's 4.7p1-5 package, on 22 Mar
> 2008, so I'm wondering who would have supplied a vulnerable version of
> 6.2p (released in 2012).
>
> It looks to me as though it was fixed in 4.9, so I'm very doubtful
> about the assertion that 6.2 is vulnerable.
>
> As for CVE-2015-6565, this:
>
>   https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6565
>
> claims that versions 6.8 and 6.9 are vulnerable, so again not 6.2.
>
> I'll leave you to look at the other two.
>
> Cheers, Phil.
> --
> |)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
> |-|  http://www.hands.com/    http://ftp.uk.debian.org/
> |(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


