Updated CentOS 7.5 OpenSSH to the latest, but CVE-2018-15919 is not fixed after the update.
Which OpenSSH version fixes the bug? Or how do I fix the OpenSSH CVE-2018-15919 bug?
env:
--- before update
openssh-server-7.4p1-16.el7.x86_64
openssh-7.4p1-16.el7.x86_64
openssh-clients-7.4p1-16.el7.x86_64
--- after update
openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
openssh-clients-7.4p1-21.el7.x86_64
--- checked the changelog, not fixed:
rpm -qi openssh --changelog|grep CVE|sort
CVE-2006-4924 - prevent DoS on deattack detector (#207957)
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
- CVE-2006-5794 - properly detect failed key verify in monitor (#214641)
- CVE-2010-4755
- CVE-2015-8325: privilege escalation via user's PAM environment and UseLogin=yes (#1329191)
- CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding (#1298741)
- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317819)
- Fix for CVE-2017-15906 (#1517226)
- Fix for CVE-2018-15473 (#1619079)
- Security fixes released with openssh-6.9 (CVE-2015-5352) (#1247864)
- add new option GSSAPIEnablek5users and disable using ~/.k5users by default CVE-2014-9278
- change default value of MaxStartups - CVE-2010-5107 (#908707)
- fixed audit log injection problem (CVE-2007-3102)
- only query each keyboard-interactive device once (CVE-2015-5600) (#1245971)
- prevent a server from skipping SSHFP lookup - CVE-2014-2653 (#1081338)
- prevents CVE-2016-0777 and CVE-2016-0778
- use fork+exec instead of system in scp - CVE-2006-0225 (#16816
openssh CVE-2018-15919 not fix?
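The changelog grep in the post is the right check on RHEL/CentOS, because Red Hat backports security fixes without bumping the upstream version string (7.4p1 stays 7.4p1; only the release number changes), so comparing the version against upstream advisories is misleading. The following is an added example, not code from the forum post: a small POSIX shell helper that tests whether a given CVE id is mentioned in changelog text read from stdin, with a word-boundary match so that a shorter id does not falsely match a longer one. The sample changelog fragment embedded below is constructed from lines quoted in the post.

```shell
#!/bin/sh
# Added example (not from the forum post).
# Real-host usage:  rpm -q --changelog openssh | cve_in_changelog CVE-2018-15473
# Exit status 0 = the CVE is mentioned (fix backported), 1 = not mentioned.

cve_in_changelog() {
    cve="$1"
    # Require a non-id character (or line start/end) on both sides, so that
    # CVE-2018-1547 does not match CVE-2018-15473; -i tolerates "cve-" spellings.
    grep -Eiq "(^|[^0-9A-Za-z-])${cve}([^0-9]|$)"
}

# Print every distinct CVE id found in changelog text on stdin, sorted.
list_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Constructed sample, modelled on the changelog lines quoted in the post.
SAMPLE_CHANGELOG='- Fix for CVE-2017-15906 (#1517226)
- Fix for CVE-2018-15473 (#1619079)
- prevents CVE-2016-0777 and CVE-2016-0778
- only query each keyboard-interactive device once (CVE-2015-5600) (#1245971)'

# Report "fixed" or "not-fixed" for one CVE id against the sample changelog.
check_sample() {
    if printf '%s\n' "$SAMPLE_CHANGELOG" | cve_in_changelog "$1"; then
        echo fixed
    else
        echo not-fixed
    fi
}

# Number of distinct CVE ids in the sample (5).
count_sample_cves() {
    printf '%s\n' "$SAMPLE_CHANGELOG" | list_cves | wc -l | tr -d ' '
}
```

A "not-fixed" result only means the package changelog does not mention the id; the vendor's CVE page (as the reply notes, "Will not fix" for CVE-2018-15919) is the authoritative statement of whether a backport will ever appear.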
Re: openssh CVE-2018-15919 not fix?
First thing is that 7.5 is 18 months out of date and you should be on 7.7.
https://access.redhat.com/security/cve/CVE-2018-15919 says "Will not fix" for both 7 and 8 so it's apparent that they do not consider this severe enough to bother to fix.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke