Upgrading OpenSSH on 1.1.7

vyos-1-2

#1

Hello, recently ran a McAfee vulnerability scan of our VyOS router and it came back with several vulnerabilities regarding OpenSSH on our router. These vulnerabilities include:

  • ‘OpenSSH Multiple Vulnerabilities’
  • ‘OpenSSH 7.4 Not Installed Multiple Vulnerabilities’
  • ‘OpenSSH Xauth Command Injection Vulnerability’
  • ‘OpenSSH J-PAKE Session Key Retrieval Vulnerability’
  • ‘OpenSSH “child_set_env()” Security Bypass Issue’

I saw another post about upgrading OpenSSL and OpenSSH but the guy who posted it said that the vulnerabilities on their system were a false positive, so no one ever explained how to do the upgrade. My questions are; is this something to be concerned about, or is it like the LTS ubuntu releases in that OpenSSH is actually being upgraded in the background without my knowledge? Furthermore, if this is an issue, how do I upgrade OpenSSH on our router?

Further info:

  • VyOS image 1.1.7
  • OpenSSH_5.5p1 Debian-6+squeeze8
  • OpenSSL 0.9.8zf

#2

Please upgrade to 1.1.8 and retest
correct way will be start testing rolling release against your configuration and transition to it


#6

For some reason when I run ‘add system image https://downloads.vyos.io/release/1.1.8/vyos-1.1.8-amd64.iso’ it tells me ‘curl: (23) Failed writing body (4381 != 16384)’


#7

сheck if you have enough space


#8

When I run df -h it tells me ‘df: cannot read table off mounted file systems’. I went ahead and tried expanding the router’s EBS volume in AWS, but two things happened:

  • first the resolv.conf was suddenly blank
  • second when i then tried to extend the file system using ‘sudo resize2fs /dev/xvda1’ it tells me ‘The filesystem is already 1048320 blocks long. Nothing to do!’

#9

you also can maybe remove old images if any


#10

There are none unfortunately.


#11

Resolved this issue by creating a new ec2 linux instance, attaching the VyOS volume to it, and then extending the filesystem there. I’m a newbie here though, do I need to close this out?


#12

glad that you solved that!
marking it for autoclose


#13

Well don’t close it yet actually, the system image is upgraded, but I still have the original problem. The version of OpenSSH did not upgrade with the system.


#14

This topic was automatically closed after 6 hours. New replies are no longer allowed.