In the end we just complied this from source to upgrade the version to OpenSSH 7.4 - not ideal, but easier then upgrading the server for now. If you can upgrade the server this is the preferred method.
Basically we followed this though: https://gist.github.com/techgaun/df66d37379df37838482c4c3470bc48e -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1732172 Title: [CVE] Security Vulnerabilities in OpenSSH on Ubuntu 14.04 Status in openssh package in Ubuntu: Incomplete Bug description: Does anyone know when the following OpenSSH venerabilities will be patched on Ubuntu 14.04 CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-8858 As these are coming up repeatedly on or security scans To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1732172/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
