Vulnerabilities found in OpenSSH prior to version 9.6

Article ID: 369642

Products

VMware Aria Suite

Issue/Introduction

The following CVEs:

  • CVE-2023-48795
  • CVE-2023-51384
  • CVE-2023-51385
  • CVE-2023-28531

have been reported by the Nessus scanner as affecting Aria Operations and Aria Operations for Logs.

Environment

Aria Operations 8.12 and later

Aria Operations for Logs 812 and later

Resolution

To verify the version of Photon OS on your appliance, run the command:

cat /etc/photon-release

 

To verify the version of OpenSSH on your appliance, run the command:

rpm -qa | grep openssh 

 

CVE-2023-48795:

For Photon OS 4 and below, the CVE is not fixed because of the complexity of backporting the patch to the lower versions. It will be fixed when Aria Operations moves to Photon OS 5 in later releases.

For Photon OS 5, the above CVE is resolved in version 9.3p2-7.ph5

 

CVE-2023-51384:

For Photon OS 3, the above CVE is not fixed

For Photon OS 4, the above CVE is resolved in version 8.9p1-6.ph4

For Photon OS 5, the above CVE is resolved in version 9.3p2-7.ph5

 

CVE-2023-51385:

For Photon OS 3, the above CVE is resolved in version 7.8p1-18.ph3

For Photon OS 4, the above CVE is resolved in version 8.9p1-5.ph4

For Photon OS 5, the above CVE is resolved in version 9.3p2-5.ph5

 

CVE-2023-28531:

For Photon OS 4, the above CVE is resolved in version 8.9p1-1

For Photon OS 5, the above CVE is resolved in version 9.1p1-8
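
To triage a Nessus finding against the versions listed above, the following added example (not part of the original article or any VMware tooling) compares an installed openssh version-release with the fixed-in version for each CVE and Photon OS major release. The function names are this example's own, GNU `sort -V` is assumed as an approximation of RPM version ordering, and the sample input is constructed.

```shell
# Fixed-in table transcribed from the article; names are this example's own.
# fixed_in CVE PHOTON_MAJOR -> fixed version-release, "none", or "unlisted"
fixed_in() {
  case "$1:$2" in
    CVE-2023-48795:[1-4]) echo none ;;          # "Photon OS 4 and below"
    CVE-2023-48795:5)     echo 9.3p2-7.ph5 ;;
    CVE-2023-51384:3)     echo none ;;
    CVE-2023-51384:4)     echo 8.9p1-6.ph4 ;;
    CVE-2023-51384:5)     echo 9.3p2-7.ph5 ;;
    CVE-2023-51385:3)     echo 7.8p1-18.ph3 ;;
    CVE-2023-51385:4)     echo 8.9p1-5.ph4 ;;
    CVE-2023-51385:5)     echo 9.3p2-5.ph5 ;;
    CVE-2023-28531:4)     echo 8.9p1-1 ;;       # ID as listed in the introduction
    CVE-2023-28531:5)     echo 9.1p1-8 ;;
    *)                    echo unlisted ;;
  esac
}

# ver_ge A B -> true when A sorts at or after B under GNU sort -V,
# so release 18 ranks above release 9 (plain string comparison gets this wrong).
ver_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# cve_status CVE PHOTON_MAJOR INSTALLED -> resolved | not-resolved | no-fix | unlisted
cve_status() {
  want=$(fixed_in "$1" "$2")
  case "$want" in
    none)     echo no-fix ;;
    unlisted) echo unlisted ;;
    *) if ver_ge "$3" "$want"; then echo resolved; else echo not-resolved; fi ;;
  esac
}

# report PHOTON_MAJOR INSTALLED -> one status line per CVE in the article
report() {
  for cve in CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 CVE-2023-28531; do
    printf '%s %s\n' "$cve" "$(cve_status "$cve" "$1" "$2")"
  done
}

# On an appliance (assumed file layout and package name, adjust as needed):
#   major=$(sed -n 's/.*Photon OS \([0-9]*\).*/\1/p' /etc/photon-release | head -n 1)
#   ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssh | head -n 1)
#   report "$major" "$ver"
# Constructed sample: Photon OS 4 with openssh 8.9p1-5.ph4
report 4 8.9p1-5.ph4
```

A `no-fix` result means the article lists no patched package for that Photon OS release, so the scanner finding stays open until the appliance moves to a release that has one.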