CVE-2018-15473 #89
On Mon, 2021-01-04 at 07:36 -0800, Adam Korab wrote:
> Scanning Ubuntu 18.04 LTS. Per Ubuntu security notification this is
> fixed as of package 1:7.6p1-4ubuntu0.1 but it is still flagged in the
> output of a system updated to 1:7.6p1-4ubuntu0.3
Thanks for reporting this. It can be fixed by extending the header
version parsing logic to understand the extra version information that
is given during the connection setup (i.e.: "Ubuntu-4ubuntu0.1" vs.
"Ubuntu-4ubuntu0.3").
I could use help from the community in writing this patch.
--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
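An added example, not the project's own code, of the banner parsing the reply above describes: it reads the distribution revision from the SSH identification string and compares it with the first fixed revision. The sample banners, the `FIXED_IN` table and the function names are constructed for illustration, and the revision ordering is a simplification of dpkg's rules.

```python
import re

# Constructed fix table: (upstream version, first fixed Ubuntu revision),
# taken from the package version 1:7.6p1-4ubuntu0.1 quoted in the issue.
FIXED_IN = {"CVE-2018-15473": ("7.6p1", "4ubuntu0.1")}

BANNER_RE = re.compile(
    r"^SSH-\d+\.\d+-OpenSSH_(?P<upstream>\S+)"
    r"(?: Ubuntu-(?P<revision>\S+))?\s*$"
)


def parse_banner(banner):
    """Return (upstream, ubuntu_revision or None), or None if not OpenSSH."""
    m = BANNER_RE.match(banner)
    return (m.group("upstream"), m.group("revision")) if m else None


def revision_key(revision):
    """Turn '4ubuntu0.3' into a sortable key; digit runs compare as integers.

    Simplified ordering, not the full dpkg algorithm (no '~' handling).
    """
    parts = re.findall(r"\d+|\D+", revision)
    return [(0, int(p), "") if p.isdigit() else (1, 0, p) for p in parts]


def assess(banner, cve):
    """Return 'patched', 'flag' or 'unknown' for one banner and one CVE."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"          # not an OpenSSH banner
    upstream, revision = parsed
    fixed_upstream, fixed_revision = FIXED_IN[cve]
    if upstream != fixed_upstream or revision is None:
        return "unknown"          # no distro revision to compare against
    if revision_key(revision) >= revision_key(fixed_revision):
        return "patched"          # backported fix is present
    return "flag"


if __name__ == "__main__":
    # Constructed sample banners.
    for b in ("SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3",
              "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4",
              "SSH-2.0-OpenSSH_7.6p1"):
        print(b, "->", assess(b, "CVE-2018-15473"))
```

A banner without the `Ubuntu-` suffix gives no evidence either way, so the example reports it as unknown rather than patched.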
I'll take a stab at it, but I wanted to first call it out and verify if it was indeed a false positive, or if the openssh-server package was just still broken. The latter scenario has been known to happen from time to time. :) Thanks for being so responsive.
As per the community vote results (see #240 (comment)), all version-based CVE information has been removed in 93b30b4. This issue is now moot and is closed. Nevertheless, your participation in this project is still appreciated! Thanks for contributing!!