[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] openSSH, 11.3 and CVE-2011-0539



On Monday 18 July 2011 at 10:23 Ludwig Nussel wrote:

> paul wrote:
> > We failed a pci-dss compliance test because the version of openSSH for
> > 11.3 doesn't have the fix for CVE-2011-0539. In fact, there hasn't been
> > any update to openSSH for 11.3 since Jun 2010.
> 
> If you have a use case that requires pci-dss compliance you may find
> SLES better suite your needs.

Unfortunately we are not (yet) generating sufficient income for that. :-(

> Anyways, CVE-2011-0539 affects openssh >= 5.6 while 11.3 has 5.4.
> https://bugzilla.novell.com/show_bug.cgi?id=669477

Hmmm. The pci-dss scanner is not very bright. It is convinced that 5.4 is 
vulnerable. I guess I will have to go and argue with those guys. (Their 
scanner also flags up an error that we are running OpenSSH v2.0. Never mind 
that the previous error for the CVE clearly identifies us as running 5.4).

Presumably there are no 'gotchas' if we install the factor version on 11.3? It 
will probably turn out to be easier than convincing securitymetrics that their 
scanner is wrong.


Paul
-- 
Paul Reeves
-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx