DirkS
Posts: 9844
Joined: Tue Jun 19, 2012 9:46 pm
Location: Essex, UK

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Fri Oct 19, 2018 3:06 pm

https://security-tracker.debian.org/tra ... 2018-10933
Already fixed and AFAICT it's also in the repos

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 5713
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Fri Oct 19, 2018 3:08 pm

Since this come up any time a CVE is mentioned in the media, here's how you find out.

Go to https://security-tracker.debian.org/tracker/ and search for CVE-2018-10933.

You will find this page https://security-tracker.debian.org/tra ... 2018-10933

It says the fixed version in jessie is '0.6.3-4+deb8u3'.

So you run 'sudo apt update' and then 'apt policy libssh-4' and that will tell you what version you have installed and what's currently in the repo.

DirkS
Posts: 9844
Joined: Tue Jun 19, 2012 9:46 pm
Location: Essex, UK

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Fri Oct 19, 2018 3:14 pm

ShiftPlusOne wrote:
Fri Oct 19, 2018 3:08 pm
'apt policy libssh-4'
OP asked about Jessie so that would 'apt-cache policy'

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 5713
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Fri Oct 19, 2018 3:31 pm

DirkS wrote:
Fri Oct 19, 2018 3:14 pm
ShiftPlusOne wrote:
Fri Oct 19, 2018 3:08 pm
'apt policy libssh-4'
OP asked about Jessie so that would 'apt-cache policy'
Thanks. I thought the jessie version of apt already has the 'policy' command too.

User avatar
DougieLawson
Posts: 35378
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Fri Oct 19, 2018 3:52 pm

mushu999 wrote:
Fri Oct 19, 2018 2:45 pm
CVE-2018-10933
See: https://arstechnica.com/information-tec ... ot-access/
Have you thought about what would have happened if a patch wasn't available for Jessie? This time next year we'll see Stretch taking a well earned rest and pension with Buster being the fully supported version.

The time to upgrade is NOW!
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

fruitoftheloom
Posts: 19801
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: Is Jessie impacted by recent LibSSH vuln? CVE-2018-10933

Fri Oct 19, 2018 4:00 pm

mushu999 wrote:
Fri Oct 19, 2018 2:45 pm
CVE-2018-10933
See: https://arstechnica.com/information-tec ... ot-access/


Why are you still running Raspbian Jessie ?

Stretch was released over a year ago ?

Even Debian do not support Jessie themselves, any support is now Community based:

https://wiki.debian.org/LTS/

RPF / RPT are not members of the LTS community support.....
adieu

My other Computer is an Asus CS10 ChromeBit running Chrome Operating System.
HP Envy 4500 Wireless Printer supported by HPLIP software in Raspbian Buster.
Raspberry Pi Model 2B v1.1

Return to “Advanced users”