HPE Community
StoreVirtual Storage
1753937 Members
9805 Online
108811 Solutions
New Discussion

Re: openSSH

 
SOLVED
Go to solution
5y53ng
Regular Advisor

‎04-27-2012 07:40 AM

‎04-27-2012 07:40 AM

openSSH

Is anyone aware of a patch to upgrade the openSSH version in saniq 9.5? A member of our security team approached me and said it was out of date. The VSA appears to have version 4.3 and the latest version appears to be 6.x.

0 Kudos
Reply
5 REPLIES 5
Jitun
HPE Pro

‎04-29-2012 12:23 AM

‎04-29-2012 12:23 AM

Re: openSSH

There is no Patch to Upgrade openSSH version for SANiQ.

I have requested to check if it will be upgraded in the next version of SANiQ.
I work for HPE
--------------------------------------------------------------
How to assign points? Click the KUDOS! star!

Accept or Kudo

0 Kudos
Reply
5y53ng
Regular Advisor

‎05-01-2012 05:31 AM

‎05-01-2012 05:31 AM

Re: openSSH

Great, thank you!

0 Kudos
Reply
Jitun
HPE Pro

‎05-03-2012 07:49 AM

‎05-03-2012 07:49 AM

Solution

Re: openSSH

The reason we have v4.3 is because SANiQ 9.5 is based on CentOS 5.5/5.7, and that's the version it ships.

 

The vulnerabilities in that version (v4.3) are things that can't be used against SANiQ for various reasons (like the way HP configures it)

I work for HPE
--------------------------------------------------------------
How to assign points? Click the KUDOS! star!

Accept or Kudo

0 Kudos
Reply
5y53ng
Regular Advisor

‎05-04-2012 11:43 AM

‎05-04-2012 11:43 AM

Re: openSSH

Thank you Jitun,

 

Is there any official documentation from HP stating the VSA is not vulnerable to any exploits of 4.3? I'm not concerned about the version, since the iSCSI SAN is private, but I know security will be looking for something official.

 

Thanks again.

0 Kudos
Reply
Lakey81
Occasional Visitor

‎02-26-2014 07:08 AM

‎02-26-2014 07:08 AM

Re: openSSH

Has anyone got any newer information on this?  We just found the same issue with version 10.5 that openssh is coming up with multiple vulnerabilities.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.