En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

OpenSSH Last version in Amazon Linux 2

1

Hi to all,

I'm trying to update OpenSSH Server version in a Amazon Linux 2, to fix some vulnerabilities like CVE-2017-15906 and CVE-2020-15778.

But, to fix it, I need the last version of OpenSSH server, which is 8.6. If I try to do "sudo yum update" and "sudo yum install openssh-server", the last version in the repositories are the 7.4p1.

Anyone know the way to upgrade to the 8.6 version? Many thanks!

Sujets
Calcul
Balises
Approvisionnement de Linux
Langue
English
mateogonzalez
demandé il y a 3 ans5322 vues
2 réponses
1

Sorry, maybe i don't explain my problem clearly.

My Vulnerability scanner detects and old version of OpenSSH (7.4). Therefore, associate this older version with this vulnerabilities. No detects explicitly the vulnerability, only de older version of OpenSSH.

So I need to update OpenSSH, but Amazon Linux repositories are out of date. Is there any way to update to 8.6 version?

I don't know how to add a new repository to fix this. Any tip?

Thanks

mateogonzalez
répondu il y a 3 ans
0

CVE-2017-15906 has been resolved as part of https://alas.aws.amazon.com/AL2/ALAS-2018-1042.html.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15778 is disputed by the vendor, so no fix has been published for that yet.

Amazon Linux 2 uses the same process originating from Red Hat Enterprise Linux for stable linux distributions where they do not perform major upgrades of software. They will backport the fixes and keep the same version numbers.

JimmyFitbux
répondu il y a 3 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents