CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-8858

Asked by Chris Collins on 2017-11-14

Does anyone know when the following OpenSSH venerabilities will be patched on Ubuntu 14.04

CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-8858

As these are coming up repeatedly on or security scans

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Last query:
2017-11-14
Last reply:
2017-11-14

https://launchpad.net/debian/+source/openssh/+changelog

Mentions at least one of the CVE numbers.....

Chris Collins (chris.collins) said : #2

With Ubuntu 14.04 the reported version is: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8

This is what I have gathered from looking into the CVEs

NOT PATCHED: CVE-2016-10009 - https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10009.html
PATCHED: CVE-2016-10010 - https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10010.html
NOT PATCHED: CVE-2016-10011 - https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10011.html
NOT PATCHED: CVE-2016-10012 - https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10012.html
NOT PATCHED: CVE-2016-8858 - https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8858.html

I suggest you report a bug. Mark it as a security bug

Can you help with this problem?

Provide an answer of your own, or ask Chris Collins for more information if necessary.

To post a message you must log in.