If a CVE database lists my version of OpenSSH as vulnerable, is it possible that it has been patched but retains the version number?
I am using OpenSSH version 7.4p1. In the CVE database I found that cpe:/a:openbsd:openssh:7.4:p1 is vulnerable to CVE-2017-15906: https://www.cvedetails.com/cve/CVE-2017-15906/
Does this mean that my version is affected for sure, or is it possible that this version has the same number but is already patched? How can I verify this?
Tags: openssh, vulnerability
asked Jul 3 at 20:07 by user187205 (edited Jul 4 at 5:00 by muru)
Comments:
That's possible. What OS are you running? – jordanm, Jul 3 at 20:16
I'm running CentOS Linux – user187205, Jul 3 at 20:30
If it's CentOS (or RHEL, which is what CentOS is based on), then it's a near certainty if something gets patched that the version number does not change. An explanation of why is a bit out of scope here though. – Austin Hemmelgarn, Jul 4 at 13:24
4 Answers
CentOS is just rebuilt RHEL, so your system is safe if you updated to openssh-7.4p1-16.el7 or similar that is shipped in CentOS 7.
There is a CVE database in the Red Hat access portal:
https://access.redhat.com/security/cve/cve-2017-15906
It links to the errata fixing the issues and lists the packages fixing the specific issue:
https://access.redhat.com/errata/RHSA-2018:0980
Similarly, you can get the changelog of your installed package and it should list something related to this CVE number.
Disclaimer: I was fixing that package in this RHEL version.
answered Jul 3 at 21:02 by Jakuje (edited Jul 3 at 21:08)
Got fixed in 7.4p1-16, way back in November 2017.

```
$ rpm -q openssh-server
openssh-server-7.4p1-16.el7.x86_64
$ rpm -q --changelog openssh-server | grep CVE-2017-15906
- Fix for CVE-2017-15906 (#1517226)
$ rpm -q --changelog openssh-server | head
* Fri Nov 24 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-16 + 0.10.3-2
- Fix for CVE-2017-15906 (#1517226)
* Mon Nov 06 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-15 + 0.10.3-2
- Do not hang if SSH AuthorizedKeysCommand output is too large (#1496467)
- Do not segfault pam_ssh_agent_auth if keyfile is missing (#1494268)
- Do not segfault in audit code during cleanup (#1488083)
- Add WinSCP 5.10+ compatibility (#1496808)
- Clatch between ClientAlive and rekeying timeouts (#1480510)
- Exclude dsa and ed25519 from default proposed keys in FIPS mode (#1456853)
$
```
answered Jul 3 at 21:16 by steve
Comments:
handy tip - grep -A20 for "twenty lines After a match" (and its friends, -Before and -Context) – Riking, Jul 4 at 6:11
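The changelog check described in the two answers above, as an added example (not code from the original posts): instead of only grepping for the CVE, it reports which package release's changelog entry mentions it. The function names `cve_fixed_in`, `check_pkg_cve` and `sample_changelog` are made up for illustration; the sample entries are copied from the `rpm` output quoted above.

```shell
#!/bin/sh
# Added example, not from the original answers.

# cve_fixed_in ID: read RPM changelog text on stdin and print the
# version-release of the first entry that mentions ID (a CVE or bug number).
# Exit status 1 if no entry mentions it.
cve_fixed_in() {
    awk -v id="$1" '
        /^\* / {
            # Entry header: "* <date> <packager> <email> - <version>-<release>"
            hdr = $0
            sub(/^.*>[ \t]*-?[ \t]*/, "", hdr)   # drop date, name, e-mail, dash
            split(hdr, f, /[ \t]+/)              # keep the first token only
            verrel = f[1]
            next
        }
        index(toupper($0), toupper(id)) { print verrel; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# check_pkg_cve PKG ID: run the same check against the installed package.
# Usage on an RPM-based host: check_pkg_cve openssh-server CVE-2017-15906
check_pkg_cve() {
    fixed=$(rpm -q --changelog "$1" | cve_fixed_in "$2") || {
        echo "$1: no changelog entry mentions $2"
        return 1
    }
    echo "$(rpm -q "$1"): $2 fixed in $fixed"
}

# Sample input: two entries taken from the rpm output quoted in the answer.
sample_changelog() {
    cat <<'EOF'
* Fri Nov 24 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-16 + 0.10.3-2
- Fix for CVE-2017-15906 (#1517226)

* Mon Nov 06 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-15 + 0.10.3-2
- Do not hang if SSH AuthorizedKeysCommand output is too large (#1496467)
EOF
}

# Offline demonstration on the sample entries.
sample_changelog | cve_fixed_in CVE-2017-15906
```

A missing entry is not proof that the package is vulnerable; it only means the changelog does not name the CVE, so cross-check the vendor's advisory for the package.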
OpenSSH 7.4p1 is affected by CVE-2017-15906.
... unless the distributor of that OpenSSH package has patched it.
An example of a distributor patching this particular CVE in an affected OpenSSH package may be found in this changelog entry for 7.5p1 on Ubuntu (they have not distributed a patched 7.4p1 as far as I could see after only a brief look):

```
openssh (1:7.5p1-10ubuntu0.1) artful-security; urgency=medium

  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 16 Jan 2018 08:28:47 -0500
```

Similarly for Fedora (7.4p1).
Unfortunately, CentOS does not seem to have an easily accessible database of package updates (that I could find).
answered Jul 3 at 20:21 by Kusalananda (edited Jul 3 at 20:46)
According to the bugzilla the security bug is fixed on the 7.6 version for the system based on RHEL 7:
Fixed In Version: openssh 7.6
The description on RHEL CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Also this information is available on the openssh 7.6 release note

```
Changes since OpenSSH 7.5
Security
- sftp-server(8): in read-only mode, sftp-server was incorrectly
  permitting creation of zero-length files. Reported by Michal
  Zalewski.
```

The bug is fixed on 10 Apr 2018 for the openssh-7.4p1
: openssh security, bug fix, and enhancement update
answered Jul 3 at 21:02 by GAD3R (edited Jul 3 at 21:35)
Comments:
probably there is a bad first link? Anyway, there is no openssh 7.6 in RHEL/CentOS – Jakuje, Jul 3 at 21:04
@Jakuje thank you, I will edit – GAD3R, Jul 3 at 21:04
But this still does not answer the question, if the version 7.4 in centos is vulnerable or not. I will not let you wait any longer. Just see my answer that will reveal that secret for you :) – Jakuje, Jul 3 at 21:08