CVE-2017-15906 has been resolved as part of https://alas.aws.amazon.com/AL2/ALAS-2018-1042.html.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15778 is disputed by the vendor, so no fix has been published for that yet.
Amazon Linux 2 uses the same process originating from Red Hat Enterprise Linux for stable linux distributions where they do not perform major upgrades of software. They will backport the fixes and keep the same version numbers.
Sorry, maybe i don't explain my problem clearly.
My Vulnerability scanner detects and old version of OpenSSH (7.4). Therefore, associate this older version with this vulnerabilities. No detects explicitly the vulnerability, only de older version of OpenSSH.
So I need to update OpenSSH, but Amazon Linux repositories are out of date. Is there any way to update to 8.6 version?
I don't know how to add a new repository to fix this. Any tip?
Linux 2 OpenSSH Failing Vulnerability Scanasked 6 months ago
How to install openjdk-11.0.16 version in amazon linux 2asked 17 days ago
IMDSv2 in yum (Amazon Linux 2)Accepted Answerasked 2 years ago
glibc 2.27+ on Amazon Linux 2asked a year ago
OpenSSH Last version in Amazon Linux 2asked a year ago
Amazon Linux 2 Apache package version updateasked a year ago
How to know exact version of Amazon Linux 2?asked 15 days ago
When to update apache 2.4.52 on amazon linux ?asked a year ago
Trying to patch a vulnerability and understand OpenSSL versions in Amazon Linux 2asked 3 months ago
Amazon Linux 2 - How can I know if a CVE has been patched?asked 4 months ago