Results 1 to 2 of 2

Thread: Looking for OpenSSH patch to resolve CVE-2023-48795?

  1. #1
    Join Date
    Apr 2024

    Post Looking for OpenSSH patch to resolve CVE-2023-48795?

    I have buildroot environment which has the openssh version 8.1p1 and openssl 1.0.2r. Now we are facing CVE-2023-48795 in existing version. Which is actually resolved in openssh 9.6 version but the catch is, it doesnt support openssl 1.0.2r and requires to upgrade the openssl.

    So do we have any patch available that can be applied on 8.1p1 without having to upgrade openssh to 9.6 and keeping openssh as is(as its tedius job to upgrade at the current situation inside organization). Or upgrade openssh upto the version that support openssh 1.0.2

    Any help would be very greatly appreciated.
    Last edited by prajwalraj; April 11th, 2024 at 09:05 AM.

  2. #2
    Join Date
    Mar 2010

    Re: Looking for OpenSSH patch to resolve CVE-2023-48795? explains when the fixes were released for supported Ubuntu versions.
    On my 20.04 systems, I see that the needed updates arrived Jan 11, 2024.

    If you don't have them yet, that's an issue with your package management, not Canonical's release of the fixes. Of course, some snap packages use out of support versions of libopenssl but 18.04 didn't have the problem code, so it isn't any issue.

    Read the link carefully. If you are on a supported release of Ubuntu, I think it is handled.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts