Hello and thanks for the bug report! To reduce the risk of regressions, we prefer to backport security fixes to our stable releases rather than bump them to an entirely new version of the openssh package. Please refer to the Ubuntu CVE Tracker for known issues affecting OpenSSH:
https://people.canonical.com/~ubuntu-security/cve/pkg/openssh.html Ubuntu 16.04 LTS does have some outstanding OpenSSH CVEs that have not yet been fixed but they're all rated low or negligible. However, I expect that we'll begin work on security updates soon. Please see the following FAQ entry for more details on our backporting policy: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions I'm going to mark this bug invalid since we're unwilling to bump to an entirely new OpenSSH version and all known CVEs are being tracked in the Ubuntu CVE Tracker. Thanks again for the report! ** Attachment removed: "SSHDConfig.txt" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1706543/+attachment/4921533/+files/SSHDConfig.txt ** Attachment removed: "JournalErrors.txt" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1706543/+attachment/4921530/+files/JournalErrors.txt ** Information type changed from Private Security to Public Security ** Changed in: openssh (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1706543 Title: Upgrade to newer version (currently v7.5p1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1706543/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
