abhi dhiman
2016-Mar-08 13:19 UTC
Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565
Hi Gert, Thanks for your reply. But we can't upgrade to 7.2 version also we don't have plan to upgrade in near future. Can I fix these vulnerabilities in the current version? Regards Abhishek On Tue, Mar 8, 2016 at 6:42 PM, Gert Doering <gert at greenie.muc.de> wrote:> Hi, > > On Tue, Mar 08, 2016 at 06:14:01PM +0530, abhi dhiman wrote: > > Actually I am working with the OpenSSH version 6.2p which is vulnerable > to > > above mentioned vulnerabilities. > > > > So am looking for some help how I can fix these vulnerabilities in my > > version. I need to fix it in the OpenSSH code. > > "Upgrade to 7.2"? > > gert > -- > USENET is *not* the non-clickable part of WWW! > // > www.muc.de/~gert/ > Gert Doering - Munich, Germany > gert at greenie.muc.de > fax: +49-89-35655025 > gert at net.informatik.tu-muenchen.de >-- abhi~dhiman
Martin Hecht
2016-Mar-08 13:38 UTC
Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565
Was that ssh shipped with your OS distribution? If yes, it might already be patched if you have installed the OS security patches. Check with your OS vendor. On 03/08/2016 02:19 PM, abhi dhiman wrote:> Hi Gert, > > Thanks for your reply. > > But we can't upgrade to 7.2 version also we don't have plan to upgrade in > near future. Can I fix these vulnerabilities in the current version? > > Regards > Abhishek > > On Tue, Mar 8, 2016 at 6:42 PM, Gert Doering <gert at greenie.muc.de> wrote: > >> Hi, >> >> On Tue, Mar 08, 2016 at 06:14:01PM +0530, abhi dhiman wrote: >>> Actually I am working with the OpenSSH version 6.2p which is vulnerable >> to >>> above mentioned vulnerabilities. >>> >>> So am looking for some help how I can fix these vulnerabilities in my >>> version. I need to fix it in the OpenSSH code. >> "Upgrade to 7.2"? >> >> gert >> -- >> USENET is *not* the non-clickable part of WWW! >> // >> www.muc.de/~gert/ >> Gert Doering - Munich, Germany >> gert at greenie.muc.de >> fax: +49-89-35655025 >> gert at net.informatik.tu-muenchen.de >> > >-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2252 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20160308/4fab4a6e/attachment.bin>
abhi dhiman
2016-Mar-14 07:01 UTC
Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565
Hi All, Please direct me to the code changes for above vulnerabilities. We don't have a vendor but we use Openssh in our software. So can't upgrade it right now. Regards Abhishek On Tue, Mar 8, 2016 at 7:08 PM, Martin Hecht <hecht at hlrs.de> wrote:> > Was that ssh shipped with your OS distribution? If yes, it might already > be patched if you have installed the OS security patches. Check with > your OS vendor. > > On 03/08/2016 02:19 PM, abhi dhiman wrote: > > Hi Gert, > > > > Thanks for your reply. > > > > But we can't upgrade to 7.2 version also we don't have plan to upgrade in > > near future. Can I fix these vulnerabilities in the current version? > > > > Regards > > Abhishek > > > > On Tue, Mar 8, 2016 at 6:42 PM, Gert Doering <gert at greenie.muc.de> > wrote: > > > >> Hi, > >> > >> On Tue, Mar 08, 2016 at 06:14:01PM +0530, abhi dhiman wrote: > >>> Actually I am working with the OpenSSH version 6.2p which is vulnerable > >> to > >>> above mentioned vulnerabilities. > >>> > >>> So am looking for some help how I can fix these vulnerabilities in my > >>> version. I need to fix it in the OpenSSH code. > >> "Upgrade to 7.2"? > >> > >> gert > >> -- > >> USENET is *not* the non-clickable part of WWW! > >> // > >> www.muc.de/~gert/ > >> Gert Doering - Munich, Germany > >> gert at greenie.muc.de > >> fax: +49-89-35655025 > >> gert at net.informatik.tu-muenchen.de > >> > > > > > > >-- abhi~dhiman