Hey all!
Perhaps a bit of a beginner question here, especially on the security side. I got a notice for 2 vulnerabilities with open ssh version that is running on ProxMox. It is mentioning that OpenSSH_8.4p1 is vulnerable on CVE-2023-28531 and CVE-2008-3844.
Interestingly I think both of these are false positives because CVE-2023-28531 states versions 8.9 up to 9.3. and 2008-3844 mentions "some" packages for RHEL 4 and 5. Perhaps BitDefender's repo of vulnerabilities is incorrect here?
I would gladly take some input on this. Is there a good way to update to 9.3?
Note: I did not grab a weird ISO - the installer was straight from proxmox (non-torrent sites - direct iso).
Perhaps a bit of a beginner question here, especially on the security side. I got a notice for 2 vulnerabilities with open ssh version that is running on ProxMox. It is mentioning that OpenSSH_8.4p1 is vulnerable on CVE-2023-28531 and CVE-2008-3844.
Interestingly I think both of these are false positives because CVE-2023-28531 states versions 8.9 up to 9.3. and 2008-3844 mentions "some" packages for RHEL 4 and 5. Perhaps BitDefender's repo of vulnerabilities is incorrect here?
I would gladly take some input on this. Is there a good way to update to 9.3?
Note: I did not grab a weird ISO - the installer was straight from proxmox (non-torrent sites - direct iso).