SSH CVE-2016-8858
Hi guys
I have a question, recently one of our clients is worry about CVE-2016-8858 which affect ssh version 6.6p1.
I have run this command
and nothing comes out. does it mean my actual version of ssh it is not affected by this vulnerability? my version is openssh-server-6.6.1p1-35.el7_3.x86_64 Regards
rpm -q --changelog openssh | grep CVE-2016-8858and nothing comes out. does it mean my actual version of ssh it is not affected by this vulnerability? my version is openssh-server-6.6.1p1-35.el7_3.x86_64 Regards
-
Hello, This CVE is documented at: CVE-2016-8858 - Red Hat Customer Portal Per this page: The Red Hat Product Security Team does not consider this issue to be a security flaw, for more information please refer to Bug 1384860 " CVE-2016-8858 openssh: Memory exhaustion due to unregistered KEXINIT handler after receiving message
Thank you.0
Please sign in to leave a comment.
Comments
1 comment