After a network audit, the security tool reported that the Bluecoat XOS chassis was vulnerable to some SSH vulnerabilities.
Are Bluecoat XOS CPMs actually vulnerable to these two vulnerabilities? If so, is there a security patch available for them?
The first item (CVE-2007-4752) is covered by RHSA-2008:0855-6 from Red Hat (http://rhn.redhat.com/errata/RHSA-2008-0855.html).
XOS 9.5.5 and later use openssh 4.3p2-36.el5_4.2, which has the relevant security patch(es) incorporated.
The second item (CVE-2008-1483) was fixed in EL5, according to Red Hat:
"Versions of openssh packages as shipped with Red Hat Enterprise Linux versions 4 and 5 are not vulnerable to this issue as it was fixed as a side effect of another change."