[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Haven't seen this ssh output before

Le 04.12.2014 11:33, Jochen Spieker a écrit :


This is a tool which lists CVE (Common Vulnerabilities and
Exposures) that the packages you installed contains.
I think you might get some hints if you make a diff between the old
(you said you have un-upgraded systems) and the new (the system
which gaves you problems) systems.

Debsecan is a great tool, but to find out whether a specific upgrade
contains remedy for a specific CVE the easiest way is usually to just
look at the changelog. I would be very surprised if OpenSSH people close
security holes without mentioning that explicitly.


Of course, but this is something which needs to be made by hand, since no apt tool I have heard about will list CVEs in a package. Except debsecan, which can be run by script, for example to send mail to warn on various things. I wonder if it could be doable to warn when the future package will introduce a CVE, before installing it?

Reply to: