Mailinglist Archive: opensuse-security (9 mails)

Re: [opensuse-security] openSSH, 11.3 and CVE-2011-0539
On Monday 18 July 2011 at 10:23 Ludwig Nussel wrote:

> paul wrote:
>> We failed a pci-dss compliance test because the version of openSSH for
>> 11.3 doesn't have the fix for CVE-2011-0539. In fact, there hasn't been
>> any update to openSSH for 11.3 since Jun 2010.
>
> If you have a use case that requires pci-dss compliance you may find
> SLES better suits your needs.

Unfortunately we are not (yet) generating sufficient income for that. :-(

> Anyways, CVE-2011-0539 affects openssh >= 5.6 while 11.3 has 5.4.

Hmmm. The pci-dss scanner is not very bright. It is convinced that 5.4 is
vulnerable. I guess I will have to go and argue with those guys. (Their
scanner also flags up an error that we are running OpenSSH v2.0. Never mind
that the previous error for the CVE clearly identifies us as running 5.4).

Presumably there are no 'gotchas' if we install the Factory version on 11.3? It
will probably turn out to be easier than convincing securitymetrics that their
scanner is wrong.

Paul Reeves