Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565

abhi dhiman abhi.dhiman83 at gmail.com
Mon Mar 14 18:01:43 AEDT 2016


Hi All,

Please direct me to the code changes for above vulnerabilities.
We don't have a vendor but we use Openssh in our software. So can't upgrade
it right now.

Regards
Abhishek

On Tue, Mar 8, 2016 at 7:08 PM, Martin Hecht <hecht at hlrs.de> wrote:

>
> Was that ssh shipped with your OS distribution? If yes, it might already
> be patched if you have installed the OS security patches. Check with
> your OS vendor.
>
> On 03/08/2016 02:19 PM, abhi dhiman wrote:
> > Hi Gert,
> >
> > Thanks for your reply.
> >
> > But we can't upgrade to 7.2 version also we don't have plan to upgrade in
> > near future. Can I fix these vulnerabilities in the current version?
> >
> > Regards
> > Abhishek
> >
> > On Tue, Mar 8, 2016 at 6:42 PM, Gert Doering <gert at greenie.muc.de>
> wrote:
> >
> >> Hi,
> >>
> >> On Tue, Mar 08, 2016 at 06:14:01PM +0530, abhi dhiman wrote:
> >>> Actually I am working with the OpenSSH version 6.2p which is vulnerable
> >> to
> >>> above mentioned vulnerabilities.
> >>>
> >>> So am looking for some help how I can fix these vulnerabilities in my
> >>> version. I need to fix it in the OpenSSH code.
> >> "Upgrade to 7.2"?
> >>
> >> gert
> >> --
> >> USENET is *not* the non-clickable part of WWW!
> >>                                                            //
> >> www.muc.de/~gert/
> >> Gert Doering - Munich, Germany
> >> gert at greenie.muc.de
> >> fax: +49-89-35655025
> >> gert at net.informatik.tu-muenchen.de
> >>
> >
> >
>
>
>


-- 
abhi~dhiman


More information about the openssh-unix-dev mailing list