Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Posted: Fri Oct 19, 2018 2:45 pm
by mushu999

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Posted: Fri Oct 19, 2018 3:06 pm
by DirkS
https://security-tracker.debian.org/tra ... 2018-10933
Already fixed and AFAICT it's also in the repos

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Posted: Fri Oct 19, 2018 3:08 pm
by ShiftPlusOne
Since this comes up any time a CVE is mentioned in the media, here's how you find out.

Go to https://security-tracker.debian.org/tracker/ and search for CVE-2018-10933.

You will find this page https://security-tracker.debian.org/tra ... 2018-10933

It says the fixed version in jessie is '0.6.3-4+deb8u3'.

So you run 'sudo apt update' and then 'apt policy libssh-4' and that will tell you what version you have installed and what's currently in the repo.
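
Added example, not part of the thread or anyone's post: the check described above as a script. It reads `apt-cache policy` output (the spelling that works on jessie and later) and compares versions with `dpkg --compare-versions` instead of by eye. The sample policy text, the deb8u2 version and the mirror URL are constructed; the function names and status words are this example's own.

```shell
#!/bin/sh
# Fixed version for jessie, as quoted in the thread from the Debian tracker.
FIXED='0.6.3-4+deb8u3'

# Constructed sample of "apt-cache policy libssh-4" output (not captured).
SAMPLE_POLICY='libssh-4:
  Installed: 0.6.3-4+deb8u2
  Candidate: 0.6.3-4+deb8u3
  Version table:
     0.6.3-4+deb8u3 0
        500 http://mirror.example/raspbian/ jessie/main armhf Packages
 *** 0.6.3-4+deb8u2 0
        100 /var/lib/dpkg/status'

# policy_field FIELD: read policy text on stdin, print the value of FIELD.
policy_field() {
    awk -v f="$1:" '$1 == f { print $2; exit }'
}

# check_fix POLICY_TEXT FIXED_VERSION: print one status word.
check_fix() {
    installed=$(printf '%s\n' "$1" | policy_field Installed)
    candidate=$(printf '%s\n' "$1" | policy_field Candidate)
    if [ -z "$installed" ] || [ "$installed" = "(none)" ]; then
        echo not-installed
    elif dpkg --compare-versions "$installed" ge "$2"; then
        echo fixed                      # installed is at or past the fix
    elif [ -n "$candidate" ] && [ "$candidate" != "(none)" ] &&
         dpkg --compare-versions "$candidate" ge "$2"; then
        echo upgrade-available          # repo has the fix, not installed yet
    else
        echo vulnerable-no-fix-in-repo  # run 'sudo apt update' or check sources
    fi
}

# Live use (field names are localized, so force the C locale):
#   check_fix "$(LC_ALL=C apt-cache policy libssh-4)" "$FIXED"
check_fix "$SAMPLE_POLICY" "$FIXED"     # prints: upgrade-available
```
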

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Posted: Fri Oct 19, 2018 3:14 pm
by DirkS
ShiftPlusOne wrote:
Fri Oct 19, 2018 3:08 pm
'apt policy libssh-4'
OP asked about Jessie so that would be 'apt-cache policy'

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Posted: Fri Oct 19, 2018 3:31 pm
by ShiftPlusOne
DirkS wrote:
Fri Oct 19, 2018 3:14 pm
ShiftPlusOne wrote:
Fri Oct 19, 2018 3:08 pm
'apt policy libssh-4'
OP asked about Jessie so that would be 'apt-cache policy'
Thanks. I thought the jessie version of apt already has the 'policy' command too.

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Posted: Fri Oct 19, 2018 3:52 pm
by DougieLawson
mushu999 wrote:
Fri Oct 19, 2018 2:45 pm
CVE-2018-10933
See: https://arstechnica.com/information-tec ... ot-access/
Have you thought about what would have happened if a patch wasn't available for Jessie? This time next year we'll see Stretch taking a well earned rest and pension with Buster being the fully supported version.

The time to upgrade is NOW!

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Posted: Fri Oct 19, 2018 4:00 pm
by fruitoftheloom
mushu999 wrote:
Fri Oct 19, 2018 2:45 pm
CVE-2018-10933
See: https://arstechnica.com/information-tec ... ot-access/


Why are you still running Raspbian Jessie?

Stretch was released over a year ago?

Even Debian do not support Jessie themselves, any support is now Community based:

https://wiki.debian.org/LTS/

RPF / RPT are not members of the LTS community support.....