CVE-2016-20012
Leroy Tennison
leroy.tennison at verizon.net
Thu Oct 28 18:54:45 UTC 2021
Under "Notes:" for https://ubuntu.com/security/CVE-2016-20012, Seth Arnold makes a reference to "openssh-ssh1". Does this CVE only apply to version 1 of openssh? The reason I ask is that we have a PCI environment and our scanning vendor has noted us as non-compliant because of this CVE. I understand there is disagreement about the severity of the CVE, but we need an answer and Seth hasn't provided a public email address. If the CVE applies only to ssh version 1 then we have an answer.
A related question: would using a certificate-based ssh configuration avoid this issue?
Thanks for your help.