OpenSSH Vulnerabilities - False Positive?

[rellinger]

Hello, we are conducting unauthenticated vulnerability scanning and the report is showing the following SSH vulnerabilities:

• CVE-2023-38408
• CVE-2023-28531
• CVE-2023-51385
• CVE-2023-48795
• CVE-2023-51384

Is there any place to validate if there are actual vulnerabilities or false positives? We are running version 8.1.2.

Thanks

 

[Neobin]

Just check your installed package(s) version:

• https://security-tracker.debian.org/tracker/CVE-2023-38408
• https://security-tracker.debian.org/tracker/CVE-2023-28531
• https://security-tracker.debian.org/tracker/CVE-2023-51385
• https://security-tracker.debian.org/tracker/CVE-2023-48795
• https://security-tracker.debian.org/tracker/CVE-2023-51384

PMG 8 is based on Debian 12/Bookworm:
https://pmg.proxmox.com/wiki/index.php/Roadmap

Also good to keep an eye on in general:
https://forum.proxmox.com/threads/proxmox-mail-gateway-security-advisories.149333

 

[rellinger]

Just check your installed package(s) version:

• https://security-tracker.debian.org/tracker/CVE-2023-38408
• https://security-tracker.debian.org/tracker/CVE-2023-28531
• https://security-tracker.debian.org/tracker/CVE-2023-51385
• https://security-tracker.debian.org/tracker/CVE-2023-48795
• https://security-tracker.debian.org/tracker/CVE-2023-51384

PMG 8 is based on Debian 12/Bookworm:
https://pmg.proxmox.com/wiki/index.php/Roadmap

Also good to keep an eye on in general:
https://forum.proxmox.com/threads/proxmox-mail-gateway-security-advisories.149333

This makes sense. Thank you.