[Bug 1732172] Re: [CVE] Security Vulnerabilities in OpenSSH on Ubuntu 14.04

Vital Koshalew vital at koshalew.ca
Wed Jan 10 08:16:26 UTC 2018


Is there a way to review CVE-2016-10009 priority in Ubuntu?

According to https://www.cvedetails.com/cve/CVE-2016-10009/ it has a CVSS
score of 7.5 (High) and is easily exploitable. It is a remote code
execution vulnerability in one of the components (openssh server) that
are commonly exposed to the outside world.

Currently no LTS version of Ubuntu is PCI DSS compliant because this bug
is not fixed. As using a non-LTS version on production servers might not
be an option for many companies, this renders Ubuntu server unusable for
them.

Ignoring a remote code execution vulnerability with a CVSS score of 7.5 is
bad security practice unless there is a reason that makes the
vulnerability unusable as provided in #3 for other CVEs.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1732172

Title:
  [CVE] Security Vulnerabilities in OpenSSH on Ubuntu 14.04

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  Does anyone know when the following OpenSSH vulnerabilities will be
  patched on Ubuntu 14.04?

  CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012,
  CVE-2016-8858

  As these are coming up repeatedly on our security scans.
