Upgrade OpenSSH on server

Discussion in 'General Discussion' started by 000, Aug 17, 2017.

  1. 000

    000 Well-Known Member

    Regards.

    ... finally, how can we UPGRADE SSH on a server with cPanel/WHM?

    I have this:
    Code:
    root@uu [~]# ssh -V
    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
    root@uu [~]#
    This is more than 50 months back!...

    Nothing new until now?

    Thanks
     
  2. Sametto Chan

    Sametto Chan Well-Known Member

    Do you mean an upgrade of the WHM version or of the OpenSSL version?
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    OpenSSH and OpenSSL are packages that are provided by your OS (e.g. CentOS). You can update your system packages to the latest versions offered by your OS with the "yum update" command. Additionally, you can see which security patches have been backported in the version your OS provides with a command such as this:

    Code:
    rpm -q --changelog openssh | grep CVE
    Thank you.
     
  4. Sametto Chan

    Sametto Chan Well-Known Member

    Where can I see the latest version of OpenSSL?
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    You can verify which version of OpenSSL is installed with the following command:

    Code:
    openssl version
    Thank you.
     
  6. Sametto Chan

    Sametto Chan Well-Known Member

    Code:
    OpenSSL 1.0.1e-fips 11 Feb 2013
    
    Do we have the latest version of OpenSSL?
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Yes, the version you provided matches what's installed on a test system running CentOS 7.3. You can also use the below command to verify the patches that have been backported:

    Code:
    rpm -q --changelog openssh | grep CVE
    Here's what the output looks like on a CentOS 7.3 system:

    Code:
    ]# rpm -q --changelog openssh | grep CVE
    - CVE-2015-8325: privilege escalation via user's PAM environment and UseLogin=yes (#1329191)
    - CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding (#1298741)
    - CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317819)
    - prevents CVE-2016-0777 and CVE-2016-0778
    - Security fixes released with openssh-6.9 (CVE-2015-5352) (#1247864)
    - only query each keyboard-interactive device once (CVE-2015-5600) (#1245971)
    - add new option GSSAPIEnablek5users and disable using ~/.k5users by default CVE-2014-9278
    - prevent a server from skipping SSHFP lookup - CVE-2014-2653 (#1081338)
    - change default value of MaxStartups - CVE-2010-5107 (#908707)
    - CVE-2010-4755
    - fixed audit log injection problem (CVE-2007-3102)
    - CVE-2006-5794 - properly detect failed key verify in monitor (#214641)
    - CVE-2006-4924 - prevent DoS on deattack detector (#207957)
    - CVE-2006-5051 - don't call cleanups from signal handler (#208459)
    - use fork+exec instead of system in scp - CVE-2006-0225 (#168167)
    Thank you.
     
    Sametto Chan likes this.
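The changelog check from the reply above, turned into a repeatable audit (an added example, not part of the original thread and not cPanel's own tooling): it extracts every CVE ID from the changelog text, including lines that name two, and reports whether specific IDs are listed. The function names, the constructed sample input and the placeholder ID CVE-2099-0001 are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an rpm changelog for backported CVE fixes.
# SAMPLE_CHANGELOG is constructed from the CentOS 7.3 output quoted in the
# thread; on a live host, pipe in `rpm -q --changelog openssh` instead.
SAMPLE_CHANGELOG='- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317819)
- prevents CVE-2016-0777 and CVE-2016-0778
- only query each keyboard-interactive device once (CVE-2015-5600) (#1245971)
- change default value of MaxStartups - CVE-2010-5107 (#908707)'

# list_cves: read changelog text on stdin, print each distinct CVE ID once.
# grep -o pulls out every ID, so a line naming two CVEs yields two entries
# (a plain `grep CVE | wc -l` would count that line only once).
list_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# check_cves ID...: read changelog text on stdin, report each requested ID as
# listed or MISSING, and return non-zero if any requested ID is absent.
check_cves() {
    found=$(list_cves)
    missing=0
    for id in "$@"; do
        # -x matches whole lines only, so a truncated ID cannot match a longer one.
        if printf '%s\n' "$found" | grep -qxF -- "$id"; then
            echo "listed   $id"
        else
            echo "MISSING  $id"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Stand-alone run against the constructed sample; CVE-2099-0001 is a made-up
# placeholder ID used only to show the MISSING branch.
printf '%s\n' "$SAMPLE_CHANGELOG" |
    check_cves CVE-2016-0777 CVE-2015-5600 CVE-2099-0001 || true
```

An ID that is absent from the changelog is not proof of exposure, because the packaged version may never have contained the affected code; confirm against the OS vendor's advisory for that CVE.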
  8. Sametto Chan

    Sametto Chan Well-Known Member

    Thank you. I checked, and it's the same as this changelog.
     
    cPanelMichael likes this.