OpenSSH 7.8 related vulnerabilities CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2018-15919 on vCenter 7.0


Article ID: 369479


Products

VMware vCenter Server

Issue/Introduction

A vulnerability scanner flags CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, and CVE-2018-15919 on vCenter 7.0.

Environment

vCenter 7.x

Cause

The OpenSSH version on vCenter 7 is lower than 8.0.

Resolution

The major vulnerabilities are shared via the VMSA portal. Since these are not deemed critical, they have not been included in the security advisory.

The CVEs are related to OpenSSH 7.8, which was implemented in vCenter 7.0.

  • CVE-2018-20685 is addressed in openssh-7.8p1-2.ph3.x86_64.rpm
  • CVE-2019-6109 and CVE-2019-6111 are addressed in openssh-7.8p1-3.ph3.x86_64.rpm
  • CVE-2019-6110 is addressed in openssh-7.8p1-4.ph3.x86_64.rpm
  • CVE-2018-15919 is addressed in openssh-7.5p1-10.ph3.x86_64.rpm

The issues with OpenSSH are addressed in openssh-7.8p1-4.ph3.x86_64.rpm.

In vCenter Server 7.0 Update 3d, the OpenSSH version has been upgraded to 7.8p1-10.ph3.

In vCenter 8.0 U2b, the OpenSSH version has been upgraded to 8.9p1-4.ph4.
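The per-CVE package builds listed above can be compared against the installed package to triage a scanner finding. The script below is an added example, not VMware's tooling: the function names, the `.x86_64` suffix on the sample names, and the rule that a later build carries every earlier fix (including the fix listed against 7.5p1-10) are assumptions.

```shell
#!/bin/sh
# Fixed builds per CVE, copied from the list above (version-release only).
fixed_in() {
    case $1 in
        CVE-2018-20685)                echo 7.8p1-2 ;;
        CVE-2019-6109|CVE-2019-6111)   echo 7.8p1-3 ;;
        CVE-2019-6110)                 echo 7.8p1-4 ;;
        CVE-2018-15919)                echo 7.5p1-10 ;;
        *) return 1 ;;
    esac
}
CVES="CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2018-15919"

# Turn "7.8p1-10" into one sortable integer (major, minor, patch, release).
ver_key() {
    rel=${1##*-}; up=${1%-*}       # release "10", upstream "7.8p1"
    p=${up##*p};  mm=${up%p*}      # patch "1", "7.8"
    echo $(( ${mm%%.*} * 1000000 + ${mm#*.} * 10000 + p * 100 + rel ))
}

# Print the CVEs whose fixed build is newer than the given package name.
# Assumption: a build that sorts later carries every earlier fix.
unaddressed() {
    vr=${1#openssh-}; vr=${vr%%.ph*}   # "openssh-7.8p1-10.ph3.x86_64" -> "7.8p1-10"
    have=$(ver_key "$vr"); out=""
    for cve in $CVES; do
        need=$(ver_key "$(fixed_in "$cve")")
        [ "$have" -ge "$need" ] || out="$out $cve"
    done
    echo "${out# }"
}

# Constructed sample package names; on the appliance pass "$(rpm -q openssh)".
for pkg in openssh-7.8p1-2.ph3.x86_64 openssh-7.8p1-10.ph3.x86_64; do
    missing=$(unaddressed "$pkg")
    echo "$pkg: ${missing:-all five CVEs addressed}"
done
```

A scanner that matches only on the upstream version string 7.8 reports every build as affected, so the package release number is the value to compare.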

 

Reference:

https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vcenter-server-appliance-photonos-security-patches/index.html

VMware vCenter Server Photon OS Security Patches


Therefore, we recommend upgrading to the latest versions: vCenter 7.0 U3d or vCenter 8.0 U2b to ensure you have the updated OpenSSH versions.
