Ubuntu
openssh package

OpenSSH 8.3 in Bionic

Asked by Caedmon Judd

Are there any current plans to upgrade Bionic (Ubuntu 18.04 LTS) to Openssh-server v.8.3? And what would the timing be?

Just needing to meet security compliance and it would be nice to rely on the Apt repo.

Thanks much!

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openssh Edit question
Assignee:
No assignee Edit question
Solved by:
Caedmon Judd
Solved:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

I suggest you report a bug. If the security and bug fixes are significant then the package will be updated sooner rather than later. Ubuntu is not a rolling release and stability is king over getting the latest packages in (This is especially true with the LTS releases).

You may find a PPA but they come with the usual caveats of a PPA. Be sure to filter each PPA for Bionic as not all PPAs support all releases
https://launchpad.net/ubuntu/+ppas?name_filter=openssh%2Dserver

Revision history for this message
Caedmon Judd (caedmonjudd) said : 		#2

Thank you!

FYI: My compliance scan is reporting the following CVE's against versions 7.3 - 8.2. Several are "high".

CVE-2016-6515

CVE-2018-20685

CVE-2017-15906

CVE-2016-8858

CVE-2016-6210

CVE-2015-8325

CVE-2018-15473

CVE-2016-10708

CVE-2016-10011

CVE-2016-10010

CVE-2016-10012

CVE-2018-15919

CVE-2019-6111

CVE-2019-6110

CVE-2016-3115

CVE-2019-6109

CVE-2016-10009

Revision history for this message
Manfred Hampl (m-hampl) said : 		#3

Just a remark:
Most of the listed vulnerabilities have already been patched in bionic's 7.6p1 version of openssh
https://people.canonical.com/~ubuntu-security/cve/pkg/openssh.html