found cve-2014-1692 vulnerability

[laowolf]

Security scan found cve-2014-1692 vulnerability on Proxmox VE 3.3 server.
Is there any official patch or solution for this?

 

[dietmar]

That is already fixed:

https://security-tracker.debian.org/tracker/CVE-2014-1692

Just update you system.

 

[laowolf]

According to the link https://security-tracker.debian.org/tracker/CVE-2014-1692, openssh 1:6.0p1-4+deb7u2 has fixed the cve-2014-1692 vulnerability.
I have checked the openssh-server version and openssh-client version of my pve server by "dpkg -l", which shows that is exactly 1:6.0p1-4+deb7u2.
But the security scanning still reports CVE-2014-1692 vulnerability. Is it a fake vulnerability warning? or still need I update my pve server?

That is already fixed:

https://security-tracker.debian.org/tracker/CVE-2014-1692

Just update you system.

 

[dietmar]

Is it a fake vulnerability warning? or still need I update my pve server?

I guess you need to ask the vendor of that security scanning product.

 

[laowolf]

I have proposed the case to the vendor of the security scanning product already, and I will keep this posted once I got the reply.