Hey folks, I have a rocky linux 8.8 running on my local network, i saw some buzz about the CVE-2023-38408 and logged into my server to see the ssh version using ‘ssh -V’, i got the following result. OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021 In that case, the ssh is at version 8.0p1, vulnera…

@John-C @label is absolutely correct about waiting for the patch. When it comes out, your OpenSSH version will probably not change, or not much, but when you run: rpm -q openssh --changelog | grep CVE You will see the CVE in the listing, and at that point you will know that your version is patched…

[image] label: cve-details describes some ways to mitigate the issue (before patches arrive).

Hey all, Interesting, i’ll not touch anything and wait for fixes, since this CVE doesnt affect me that much. Thanks for all responses!

Do i need to update SSH version?

Rocky Linux Help & Support

label July 26, 2023, 8:15pm 2

Manual upgrades are never recommended. Users will need to wait for the fixes to become available. cve-details / 2224173 – (CVE-2023-38408) CVE-2023-38408 openssh: Remote code execution in ssh-agent PKCS#11 support

1 Like

Topic		Replies	Views
Openssh 8.0p1 does not contain the latest cve? Running version rocky 8.10 Rocky Linux Help & Support rocky-linux-8	7	1114	March 25, 2025
Updating OpenSSH to address CVE-2024-6387 Rocky Linux Help & Support rocky-linux-9	2	2540	October 27, 2024
Upgrade openssh to 9.3p2 Rocky Linux Help & Support	2	10329	September 23, 2023
Need Openssh-9.7 official RPM for rocky linux 9.2 Rocky Linux Help & Support	2	539	September 20, 2024
OpenSSH vulnerabilities CVE-2023-51767, CVE-2023-51767, CVE-2023-51384, CVE-2025-26465 Rocky Linux Help & Support rocky-linux-9	3	1164	May 11, 2025

Do i need to update SSH version?

Related topics