Can we update openSSH from 8.0p1 to 9.6p1 on RHEL8 to vulnerability CVE (Terrapin Attack)
I'm trying to update openSSH from 8.0p1 to 9.6p1, finally I can update this to 9.6p1 , to make sure this I checked the version by using
- sshd -V
- telnet [ip] 22
but from CVE Scanner still show terrapin attack topic
Impacted software:
Systems supporting the following encryption algorithm and/or
MACs:
-
ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) encryption algorithm
-
CBC encryption algorithm and Encrypt-then-MAC (*-etm@openssh.com) MAC
Solution:
- Update OpenSSH to version 9.6 or later
- For other products please contact the vendor for possible fixes / updates
Could you tell me how to solve this problems?
