Instructions to address OpenSSH vulnerability

Article ID: 375943

Products

VMware Integrated OpenStack, VMware Aria Suite

Issue/Introduction

A security scan against the VMware Integrated OpenStack management plane, Aria Automation, or VMware Identity Manager VMs returns any of these CVEs:

  • CVE-2018-20685
  • CVE-2019-6111
  • CVE-2019-6109
  • CVE-2019-6110
  • CVE-2023-48795
  • CVE-2023-51384
  • CVE-2023-51385

Environment

  • VIO 7.3
  • Aria Automation 8.x
  • VMware Identity Manager 3.3.7

Cause

Photon has issued the following security advisories:

  • PHSA-2019-3.0-0003: CVE-2018-20685
  • PHSA-2019-3.0-0014: CVE-2019-6109, CVE-2019-6111
  • PHSA-2019-3.0-0017: CVE-2019-6110
  • PHSA-2023-3.0-0705: CVE-2023-51385

 

Resolution

These issues with OpenSSH are addressed in openssh-7.8p1-18.

  1. Determine the version of the package that is installed:
    rpm -qa openssh
  2. If the package version returned is lower than openssh-7.8p1-18:

    For Aria Automation, upgrade to supported version 8.18.1.
    For VMware Identity Manager 3.3.7, install Patch CSP-97727.
    For VMware Integrated OpenStack, upgrade the installed package with this command: tdnf update openssh
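The version check in steps 1 and 2 can be scripted so that release numbers are compared numerically (as plain strings, release 9 would sort above release 18). This is an added example, not part of the original article: the function names `vr_to_fields` and `openssh_is_fixed` are hypothetical, and it assumes Photon-style package strings such as `7.8p1-18.ph3` and treats any higher upstream version as at or above the fixed build.

```shell
#!/bin/sh
# Added example (not from the KB article): compare an OpenSSH package string
# with the fixed build named in the Resolution section, openssh-7.8p1-18.
FIXED_VR="7.8p1-18"

# Split "7.8p1-18.ph3" into numeric fields "7 8 1 18" (major minor pN release).
# Returns 2 when the string does not have that shape.
vr_to_fields() {
    vr=${1#openssh-}                      # tolerate the full package name
    case "$vr" in *-*) ;; *) return 2 ;; esac
    ver=${vr%%-*}; rel=${vr#*-}
    rel=${rel%%.*}                        # drop dist tag and architecture
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}; rest=${ver#*.}
    case "$rest" in
        *p*) minor=${rest%%p*}; patch=${rest#*p} ;;
        *)   minor=$rest; patch=0 ;;
    esac
    for f in "$major" "$minor" "$patch" "$rel"; do
        case "$f" in ''|*[!0-9]*) return 2 ;; esac
    done
    echo "$major $minor $patch $rel"
}

# Status: 0 = at or above the fixed build, 1 = older, 2 = unparseable.
openssh_is_fixed() {
    have=$(vr_to_fields "$1") || return 2
    want=$(vr_to_fields "$FIXED_VR") || return 2
    set -- $have $want                    # $1..$4 installed, $5..$8 fixed
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        a=${pair%%:*}; b=${pair#*:}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
    done
    return 0
}

# On the appliance: query the installed build and report (skipped without rpm).
if command -v rpm >/dev/null 2>&1; then
    installed=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}' openssh 2>/dev/null) || installed=""
    if openssh_is_fixed "$installed"; then
        echo "openssh $installed: at or above $FIXED_VR"
    else
        echo "openssh ${installed:-not found}: below $FIXED_VR or not parseable; see step 2"
    fi
fi
```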

Additional Information

For CVE-2023-48795, please see OpenSSH vulnerability CVE-2023-48795

CVE-2023-51384 is not applicable to OpenSSH version 7.8p1; this CVE applies to OpenSSH version 8.9 and above.