Vulnerabilities found in Openssh prior to version 9.6
search cancel

Vulnerabilities found in Openssh prior to version 9.6

book

Article ID: 369642

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

The following CVEs have been reported by Nessus scanner as affecting Aria operations and Aria Operations for logs.

  • CVE-2023-48795
  • CVE-2023-51384
  • CVE-2023-51385
  • CVE-2023-28531

 

Environment

Aria operations 8.12 and later

Aria operations for logs 8.12 and later

Resolution

To verify the version of Photon OS on your appliance run command:

cat /etc/photon-release

To verify the version of openssh on your appliance run command:

rpm -qa | grep openssh 

CVE-2023-48795:

For Photon OS 4 and below the CVE is not fixed due to complexity of backporting the patch to lower version. Will be fixed when Aria Operations and Aria operations for logs moves to Photon OS 5 in later releases

For Photon OS 5  above CVE is resolved on version 9.3p2-7.ph5

CVE-2023-51384:

For Photon OS 3, above CVE is not fixed

For Photon OS 4, above CVE is resolved on version 8.9p1-6.ph4

For Photon OS 5,  above CVE is resolved on version 9.3p2-7.ph5

CVE-2023-51385

For Photon OS 3, above CVE is resolved on version 7.8p1-18.ph3

For Photon OS 4, above CVE is resolved on version 8.9p1-5.ph4

For Photon OS 5, above CVE is resolved on version 9.3p2-5.ph5

CVE-2023-28531

For Photon OS 4, above CVE is resolved on version 8.9p1-1

For Photon OS 5, above CVE is resolved on version 9.1p1-8

Powered by Wolken Software