Is there a way to review CVE-2016-10009 priority in Ubuntu? According to https://www.cvedetails.com/cve/CVE-2016-10009/ it has CVSS Score of 7.5 (High) and is easily exploitable. It is a remote code execution vulnerability in one of the components (openssh server) that are commonly exposed to outside world.
Currently no LTS version of Ubuntu is PCI DSS compliant because this bug is not fixed. As using a non-LTS version on production servers might not be an option for many companies this renders Ubuntu server unusable for them. Ignoring a remote code execution vulnerability with CVSS score of 7.5 is bad security practice unless there is a reason that makes the vulnerability unusable as provided in #3 for other CVEs. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1732172 Title: [CVE] Security Vulnerabilities in OpenSSH on Ubuntu 14.04 Status in openssh package in Ubuntu: Incomplete Bug description: Does anyone know when the following OpenSSH venerabilities will be patched on Ubuntu 14.04 CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-8858 As these are coming up repeatedly on or security scans To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1732172/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
