DirkS
Posts: 9217
Joined: Tue Jun 19, 2012 9:46 pm
Location: Essex, UK

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Fri Oct 19, 2018 3:06 pm

https://security-tracker.debian.org/tra ... 2018-10933
Already fixed and AFAICT it's also in the repos

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 5332
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Fri Oct 19, 2018 3:08 pm

Since this come up any time a CVE is mentioned in the media, here's how you find out.

Go to https://security-tracker.debian.org/tracker/ and search for CVE-2018-10933.

You will find this page https://security-tracker.debian.org/tra ... 2018-10933

It says the fixed version in jessie is '0.6.3-4+deb8u3'.

So you run 'sudo apt update' and then 'apt policy libssh-4' and that will tell you what version you have installed and what's currently in the repo.

DirkS
Posts: 9217
Joined: Tue Jun 19, 2012 9:46 pm
Location: Essex, UK

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Fri Oct 19, 2018 3:14 pm

ShiftPlusOne wrote:
Fri Oct 19, 2018 3:08 pm
'apt policy libssh-4'
OP asked about Jessie so that would 'apt-cache policy'

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 5332
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Fri Oct 19, 2018 3:31 pm

DirkS wrote:
Fri Oct 19, 2018 3:14 pm
ShiftPlusOne wrote:
Fri Oct 19, 2018 3:08 pm
'apt policy libssh-4'
OP asked about Jessie so that would 'apt-cache policy'
Thanks. I thought the jessie version of apt already has the 'policy' command too.

User avatar
DougieLawson
Posts: 34097
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Fri Oct 19, 2018 3:52 pm

mushu999 wrote:
Fri Oct 19, 2018 2:45 pm
CVE-2018-10933
See: https://arstechnica.com/information-tec ... ot-access/
Have you thought about what would have happened if a patch wasn't available for Jessie? This time next year we'll see Stretch taking a well earned rest and pension with Buster being the fully supported version.

The time to upgrade is NOW!
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

2012-18: 1B*5, 2B*2, B+, A+, Z, ZW, 3Bs*3, 3B+

Any DMs sent on Twitter will be answered next month.

fruitoftheloom
Posts: 17603
Joined: Tue Mar 25, 2014 12:40 pm

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Fri Oct 19, 2018 4:00 pm

mushu999 wrote:
Fri Oct 19, 2018 2:45 pm
CVE-2018-10933
See: https://arstechnica.com/information-tec ... ot-access/


Why are you still running Raspbian Jessie ?

Stretch was released over a year ago ?

Even Debian do not support Jessie themselves, any support is now Community based:

https://wiki.debian.org/LTS/

RPF / RPT are not members of the LTS community support.....
Adieu

Return to “Advanced users”