Vulnerabilities found in Openssh prior to version 9.6
search cancel

Vulnerabilities found in Openssh prior to version 9.6

book

Article ID: 369642

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

The following CVEs have been reported by Nessus scanner as affecting Aria operations and Aria Operations for logs.

  • CVE-2023-48795
  • CVE-2023-51384
  • CVE-2023-51385
  • CVE-2023-28531

 

Environment

Aria operations 8.12 and later

Aria operations for logs 8.12 and later

Resolution

To verify the version of Photon OS on your appliance run command:

cat /etc/photon-release

To verify the version of openssh on your appliance run command:

rpm -qa | grep openssh 

CVE-2023-48795:

For Photon OS 4 and below the CVE is not fixed due to complexity of backporting the patch to lower version. Will be fixed when Aria Operations moves to Photon OS 5 in later releases

For Photon OS 5  above CVE is resolved on version 9.3p2-7.ph5

CVE-2023-51384:

For Photon OS 3, above CVE is not fixed

For Photon OS 4, above CVE is resolved on version 8.9p1-6.ph4

For Photon OS 5,  above CVE is resolved on version 9.3p2-7.ph5

CVE-2023-51385

For Photon OS 3, above CVE is resolved on version 7.8p1-18.ph3

For Photon OS 4, above CVE is resolved on version 8.9p1-5.ph4

For Photon OS 5, above CVE is resolved on version 9.3p2-5.ph5

CVE-2023-28531

For Photon OS 4, above CVE is resolved on version 8.9p1-1

For Photon OS 5, above CVE is resolved on version 9.1p1-8

Powered by Wolken Software