Vulnerability scanner is reporting vulnerability with Openssh Package in Aria Operations for Logs

Article ID: 382210


Products

VMware Aria Suite

Issue/Introduction

  • Vulnerability scanner is reporting that it discovered a vulnerability (CVE-2023-38408): a condition where specific libraries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket, if the conditions mentioned here are met.
  • Vulnerability scanner is also reporting that it discovered a vulnerability (CVE-2024-6387): a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Environment

Aria Operations for Logs 8.14 and later

Cause

Many vulnerability scanners do not perform a proper penetration test; instead, they check the major version of the packages. We do not typically use the newest version of the packages, as there is an ecosystem in place and upgrading some packages can have a knock-on effect on other packages that are installed. When a CVE vulnerability is found we will usually apply a fix to the package, but the major version of the package will remain the same.

Resolution

CVE-2023-38408 is addressed for Photon OS 4.0 in version 8.9p1-1.ph4 of the openssh package. The openssh package was updated to 8.9p1-1.ph4 in Aria Operations for Logs 8.14, so 8.14.x and later is not affected.

CVE-2024-6387 is addressed for Photon OS 4.0 in version 8.9p1-8.ph4 of the openssh package. The openssh package was updated to 8.9p1-8.ph4 in Aria Operations for Logs 8.18 hot fix 1, so 8.18 hf 1 or later is not affected. This is mentioned in the release notes for Aria Operations for Logs Hot Fix 1 found here

  • To verify the version of Photon OS on your appliance, run the command:

cat /etc/photon-release

  • To verify the version of openssh on your appliance, run the command:

rpm -qa | grep openssh
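
The script below is an added example, not VMware's code: it compares an openssh version-release string against the two fixed Photon OS 4.0 builds named above, which is the check a major-version-only scanner skips. The function names, the `--appliance` switch, the `openssh` package name passed to `rpm -q`, and the use of GNU `sort -V` as an approximation of RPM version ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example (not VMware code). Fixed builds are the ones stated in this article.
FIX_CVE_2023_38408="8.9p1-1.ph4"
FIX_CVE_2024_6387="8.9p1-8.ph4"

# ver_ge A B: succeeds when version-release A sorts at or above B.
# GNU sort -V approximates RPM ordering; adequate for Photon 4.0 builds.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# cve_status INSTALLED FIXED: prints fixed, needs-update or unknown.
# Only Photon OS 4.0 builds (release ending in .ph4) are judged; the
# article gives no fixed builds for any other distribution.
cve_status() {
    installed=$1
    fixed=$2
    case $installed in
        *.ph4) ;;
        *) echo unknown; return 0 ;;
    esac
    if ver_ge "$installed" "$fixed"; then
        echo fixed
    else
        echo needs-update
    fi
}

# report VERSION-RELEASE: status of both CVEs for one installed build.
report() {
    printf 'openssh %s\n' "$1"
    printf '  CVE-2023-38408: %s\n' "$(cve_status "$1" "$FIX_CVE_2023_38408")"
    printf '  CVE-2024-6387:  %s\n' "$(cve_status "$1" "$FIX_CVE_2024_6387")"
}

# On the appliance: sh check.sh --appliance
# Assumes the package is named "openssh", as the grep above suggests.
if [ "${1:-}" = "--appliance" ]; then
    report "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssh)"
fi
```

Without `--appliance` the script only defines the functions, so `report 8.9p1-1.ph4` can be run against a version string copied from a scanner finding.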

 

*Note: before upgrading or applying the hot fix, please ensure you take snapshots of all nodes in the cluster.