AIX Open Source

recently we received vulnerability regarding to ssh and update tp 9.7 is required. 

i can find only version 9.2  

any help 

recently we received vulnerability regarding to ssh and update tp 9.7 is required. 

i can find only version 9.2  

any help 

Thanks for this information, I share the same concerns. I have logged an IBM case for this issue, and will try to share any meaningful feedback that they provide.

------------------------------
Niël Lambrechts

Original Message:
Sent: Wed April 17, 2024 12:43 PM
From: Russell Adams
Subject: ssh 9.7

On Wed, Apr 17, 2024 at 04:15:34PM +0000, Mohamed Gaber via IBM TechXchange Community wrote:
> recently we received vulnerability regarding to ssh and update tp 9.7 is required.
>
> i can find only version 9.2

I'd be curious too!

OpenSSH is supposed to be covered by AIX support, not the open source
toolkit. This may be the wrong community. You may have to file a
support ticket.

I've posted separately about IBM distributing unsigned SSH
packages outside the normal distribution channels for the core OS via
a marketing website. That causes me great concern.

I'm evaluating our upgrade to 7200-05-07 now, and while OpenSSL has
been updated to v3, OpenSSH is still on 8 when the marketing site has
9.2 and there are newer versions upstream like 9.7.

Please let us know where you find an authentic IBM supported update.

------------------------------------------------------------------
Russell Adams Russell.Adams@AdamsSystems.nl
Principal Consultant Adams Systems Consultancy
https://adamssystems.nl/


Original Message:
Sent: 4/17/2024 12:16:00 PM
From: Mohamed Gaber
Subject: ssh 9.7

recently we received vulnerability regarding to ssh and update tp 9.7 is required. 

i can find only version 9.2  

any help 

------------------------------
Mohamed Gaber
------------------------------

Hello

Current supported versions of openssh on AIX-Power are 8.1p1 and 9.2p1. AIX team ensures that any vulnerability reported on higher versions is backported onto these supported versions.

OpenSSH 9.2p1 is planned to part of AIX base image from Fall 2024 releases onwards.

Later, we plan to start an update to openSSH 9.7 or the corresponding latest version in late Q4 2024.

Thanks

Sandeep Umesh

AIX Opensource Security

Thanks for this information, I share the same concerns. I have logged an IBM case for this issue, and will try to share any meaningful feedback that they provide.

recently we received vulnerability regarding to ssh and update tp 9.7 is required. 

i can find only version 9.2  

any help 

The fourth quarter of 2024? Now the vulnerability on sos is upgraded to 9.3, the deadline is May 19th, the vulnerability level is urgent, it is too late.

Hello

Current supported versions of openssh on AIX-Power are 8.1p1 and 9.2p1. AIX team ensures that any vulnerability reported on higher versions is backported onto these supported versions.

OpenSSH 9.2p1 is planned to part of AIX base image from Fall 2024 releases onwards.

Later, we plan to start an update to openSSH 9.7 or the corresponding latest version in late Q4 2024.

Thanks

Sandeep Umesh

AIX Opensource Security

Thanks for this information, I share the same concerns. I have logged an IBM case for this issue, and will try to share any meaningful feedback that they provide.

recently we received vulnerability regarding to ssh and update tp 9.7 is required. 

i can find only version 9.2  

any help 

Hello

Current supported versions of openssh on AIX-Power are 8.1p1 and 9.2p1. AIX team ensures that any vulnerability reported on higher versions is backported onto these supported versions.

OpenSSH 9.2p1 is planned to part of AIX base image from Fall 2024 releases onwards.

Later, we plan to start an update to openSSH 9.7 or the corresponding latest version in late Q4 2024.

Thanks

Sandeep Umesh

AIX Opensource Security

Thanks for this information, I share the same concerns. I have logged an IBM case for this issue, and will try to share any meaningful feedback that they provide.

recently we received vulnerability regarding to ssh and update tp 9.7 is required. 

i can find only version 9.2  

any help 

I hope you don't do what you wrote :-) You don't back port vulnerabilities but fixes.

Hello

Current supported versions of openssh on AIX-Power are 8.1p1 and 9.2p1. AIX team ensures that any vulnerability reported on higher versions is backported onto these supported versions.

OpenSSH 9.2p1 is planned to part of AIX base image from Fall 2024 releases onwards.

Later, we plan to start an update to openSSH 9.7 or the corresponding latest version in late Q4 2024.

Thanks

Sandeep Umesh

AIX Opensource Security

Thanks for this information, I share the same concerns. I have logged an IBM case for this issue, and will try to share any meaningful feedback that they provide.

recently we received vulnerability regarding to ssh and update tp 9.7 is required. 

i can find only version 9.2  

any help