Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSH Vulnerability #2315

Open
DanielXiao opened this issue Jan 22, 2019 · 4 comments
Open

OpenSSH Vulnerability #2315

DanielXiao opened this issue Jan 22, 2019 · 4 comments
Assignees
@DanielXiao
Labels
area/security Management of security functionality and other issues that impact security component/ova The build process for the OVA itself kind/defect/security A flaw or weakness that could lead to a violation of security policy product/ova Related to the OVA packaging of vSphere Integrated Containers severity/2-serious High usability or functional impact. Often has no workaround.

Comments

@DanielXiao
Copy link
Contributor

Summary

NEXPOSE reports below vulnerabilities:
OpenSSH Vulnerability: CVE-2017-15906 (openbsd-openssh-cve-2017-15906)
OpenSSH Vulnerability: CVE-2018-15473 (openbsd-openssh-cve-2018-15473)
OpenSSH Vulnerability: CVE-2018-15919 (openbsd-openssh-cve-2018-15919)

Details

Upgrade photon OpenSSH package when patches are available for them.
@DanielXiao DanielXiao added area/security Management of security functionality and other issues that impact security priority/p1 labels Jan 22, 2019
@DanielXiao DanielXiao self-assigned this Jan 22, 2019
@DanielXiao
Copy link
Contributor Author

Bug #2259311

@zjs zjs added product/ova Related to the OVA packaging of vSphere Integrated Containers severity/2-serious High usability or functional impact. Often has no workaround. component/ova The build process for the OVA itself kind/defect/security A flaw or weakness that could lead to a violation of security policy and removed priority/p1 labels Feb 12, 2019
@renmaosheng
Copy link
Contributor

we are depending on patches from photon os, moving to next version to fix.

@renmaosheng
Copy link
Contributor

this is a tracking PR, we will update photon os package before each of release.

@Journey-x
Copy link

How to verify the existence of this vulnerability CVE-2018-15919?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DanielXiao DanielXiao

Labels
area/security Management of security functionality and other issues that impact security component/ova The build process for the OVA itself kind/defect/security A flaw or weakness that could lead to a violation of security policy product/ova Related to the OVA packaging of vSphere Integrated Containers severity/2-serious High usability or functional impact. Often has no workaround.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@zjs @DanielXiao @renmaosheng @Journey-x