VOOZH about

URL: https://repost.aws/questions/QUbzkRpTUYRi2zKruItqvipQ/linux-2-openssh-failing-vulnerability-scan

⇱ Linux 2 OpenSSH Failing Vulnerability Scan | AWS re:Post


Skip to content

Linux 2 OpenSSH Failing Vulnerability Scan

0

My Linux 2 server is failing because of OpenSSH version is before version 8.5 (documented in CVE-2021-28041).
What I would like to know, is there anywhere that AWS documents that they have addressed this issue, CVE-2021-28041? I recognize that AWS does update the binaries on their own, and when I checked RedHat, they describe the issue as a non-issue for them, because the issue was introduced in version 8.3. I assume that is the same for AWS Linux 2, but I need to prove it to my provider or I fail my PCI Compliance vulnerability assessment. It would be great if AWS simply identified it, and documented that they are updating OpenSSH directly, and did not include this vulnerability, or something to that effect.

No Answers
  • Newest
  • Most votes
  • Most comments