AnsweredAssumed Answered

Qualys scan report on CVE-2016-3115

Question asked by naga rk on Nov 6, 2016

I ran Qualys on SUSE 12.0 server it found few security vulnerabilities and asked me to update latest packages including OpenSSH 7.2p2. After updating everything I ran Qualys for the last time every vulnerability reported before are gone but it reported new potential vulnerability of 'OpenSSH Xauth Command Injection Vulnerability' (CVE-2016-3115) and asks me to update OpenSSH to 7.2p2. But my SUSE 12.0 server already updated to 7.2p2.

 

Is it a false alarm?

Outcomes