I want to upgrade my openssh version to address CVE-2024-6387. After running apt update and apt upgrade, I see the following output:
❯ sudo apt upgrade openssh-client
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
openssh-client is already the newest version (1:8.9p1-3ubuntu0.10).
openssh-client set to manually installed.
Calculating upgrade... Done
#
# OpenSSH CVE-2024-6387 has been fixed for 22.04 LTS, 23.10 and 24.04 LTS.
# RegreSSHion: Possible RCE Due To A Race Condition In Signal Handling.
# For more details see: https://ubuntu.com/security/notices/USN-6859-1.
#
The following packages have been kept back:
python3-update-manager update-manager update-manager-core
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
❯ sudo apt upgrade openssh-server
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
openssh-server is already the newest version (1:8.9p1-3ubuntu0.10).
Calculating upgrade... Done
#
# OpenSSH CVE-2024-6387 has been fixed for 22.04 LTS, 23.10 and 24.04 LTS.
# RegreSSHion: Possible RCE Due To A Race Condition In Signal Handling.
# For more details see: https://ubuntu.com/security/notices/USN-6859-1.
#
The following packages have been kept back:
python3-update-manager update-manager update-manager-core
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
❯ ssh -V
OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022
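So both my openssh-client and openssh-server are using the patched version 8.9p1-3, but when I run ssh -V I see 8.9p1, which appears to be the unpatched version. Is this expected behavior for ssh -V, or is it somehow pointing at the wrong version? If so, how can I fix it?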
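
The following is an added example, not part of the original post: a shell check that reconciles the `ssh -V` banner with the package version apt reports, to tell whether the binary on PATH is the one from the installed package. The function names are hypothetical, the first two sample strings are copied from the output above, and the banner without a distribution revision is constructed.

```bash
#!/bin/sh
# Added example: compare the `ssh -V` banner with the dpkg package version.

# Drop the Debian epoch ("1:") from a package version string.
strip_epoch() {
  printf '%s\n' "${1#*:}"
}

# Turn "OpenSSH_<upstream> Ubuntu-<revision>, ..." into "<upstream>-<revision>".
# Prints nothing when the banner carries no distribution revision.
banner_to_pkgver() {
  printf '%s\n' "$1" |
    sed -nE 's/^OpenSSH_([^ ,]+) (Ubuntu|Debian)-([^ ,]+),.*/\1-\3/p'
}

# Succeeds only when the banner names the same upstream version and
# distribution revision as the installed package.
binary_matches_package() {
  from_banner=$(banner_to_pkgver "$1")
  from_pkg=$(strip_epoch "$2")
  [ -n "$from_banner" ] && [ "$from_banner" = "$from_pkg" ]
}

# Live check on a dpkg-based system; `ssh -V` writes its banner to stderr.
check_live() {
  echo "ssh on PATH: $(command -v ssh)"
  banner=$(ssh -V 2>&1)
  pkg=$(dpkg-query -W -f='${Version}' openssh-client)
  if binary_matches_package "$banner" "$pkg"; then
    echo "match: banner corresponds to package $pkg"
  else
    echo "mismatch: banner '$banner' vs package $pkg"
  fi
}

# Sample strings: the first two are from the post, the third is constructed.
PAGE_BANNER='OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022'
PAGE_PKG='1:8.9p1-3ubuntu0.10'
CONSTRUCTED_BANNER='OpenSSH_9.8p1, OpenSSL 3.0.2 15 Mar 2022'

if [ "${1:-}" = "--live" ]; then
  check_live
else
  for b in "$PAGE_BANNER" "$CONSTRUCTED_BANNER"; do
    if binary_matches_package "$b" "$PAGE_PKG"; then r=match; else r=mismatch; fi
    echo "$r: $b"
  done
fi
```

Run with `--live` to query the local `ssh` binary and the installed `openssh-client` package instead of the sample strings.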