Netscaler OpenSSH CVEs

Article ID: CTX691418

Description

Netscaler OpenSSH CVEs

CVE-2023-48795
CVE-2023-51384
CVE-2023-51385

Resolution

Customers are advised to apply the latest update:

NetScaler Console 13.1 Build 53+ and later releases of 13.1

Why is OpenSSH 9.3p2 being used to fix the CVEs instead of OpenSSH 9.6?

The OpenSSH 9.x upgrade that is shipping in 13.1 GA build 53.X is patch complete for all known CVEs.

Our baseline is a unified image, and one of the attributes of our ADC/SVM/ADM-on-prem product binaries is that they are all running OpenSSL 1.0.2.

OpenSSH 9.6 is not compatible with OpenSSL 1.0.2, so the two cannot coexist in the same image.

Accordingly, we started from the OpenSSH 9.3 code base, which is the last version compatible with OpenSSL 1.0.2, and applied patches for all known CVEs. The shipping version of OpenSSH in 13.1 GA build 53.X is best referred to as OpenSSH 9.3p2.


To summarize: 13.1 GA build 53.X is running OpenSSH 9.3p2, and it is patch complete for all known CVEs.

Additional Information

https://support.citrix.com/s/article/CTX678072-cloud-software-group-security-advisory-for-cve20246387?language=en_US