Score:0

20.04 openssh and apache2 vulnerabilities


Our organization has a fully patched Ubuntu 20.04 app server which is showing up in a vulnerability scan with openssh and apache2 vulnerabilities. Is there a way to address these without upgrading to 22.04?

The package versions are:

- apache2: 2.4.41-4ubuntu3.12
- openssh: 1:8.2p1-4ubuntu0.5

Here is the list of vulnerabilities for reference: CVE-2020-13950 CVE-2020-15778 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-28041 CVE-2021-31618 CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-40438 CVE-2021-41617 CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30556 CVE-2022-31813

Many of these CVEs have already been addressed, and others are unlikely to affect a 20.04 installation as they are 32-bit-specific vulnerabilities. [CVE-2022-22721](https://ubuntu.com/security/CVE-2022-22721) is a good example of an issue that likely isn’t affecting your server at all and, if it is, it’s because an administrator is doing something that is very non-standard (which then leads to investigating non-standard solutions). My experience with security scanners is that they’re designed for management types, not IT professionals.
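
One way to check which of the scanner's CVE IDs the installed package already addresses, as an added example that is not part of the original thread: the function below maps each CVE ID to the oldest changelog entry that mentions it. The sample changelog, its `0.0.0-N` versions and the maintainer line are constructed; only the CVE IDs come from the question.

```shell
#!/bin/sh
# cve_fix_versions CVE-ID...
# Reads a Debian-format package changelog on stdin and prints
# "CVE-ID<TAB>version" for the oldest entry mentioning each ID,
# or "CVE-ID<TAB>not-in-changelog" when no entry mentions it.
cve_fix_versions() {
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, ids, " ") }
        # Entry header: "package (version) suite; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(/ {
            ver = $2; gsub(/[()]/, "", ver); next
        }
        {
            line = $0
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                # Changelogs are newest-first, so the last hit is the oldest entry.
                seen[substr(line, RSTART, RLENGTH)] = ver
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s\t%s\n", ids[i], ((ids[i] in seen) ? seen[ids[i]] : "not-in-changelog")
        }'
}

# Constructed sample changelog (placeholder versions, not real Ubuntu data).
sample_changelog() {
cat <<'EOF'
apache2 (0.0.0-3) focal-security; urgency=medium

  * SECURITY REGRESSION: follow-up to the CVE-2021-40438 fix

 -- Example Maintainer <maint@example.invalid>  Thu, 01 Jan 1970 00:00:00 +0000

apache2 (0.0.0-2) focal-security; urgency=medium

  * SECURITY UPDATE: constructed entry
    - CVE-2021-40438, CVE-2021-44790

 -- Example Maintainer <maint@example.invalid>  Thu, 01 Jan 1970 00:00:00 +0000
EOF
}

# On a real host, feed the full changelog instead (needs network access):
#   apt changelog apache2 | cve_fix_versions CVE-2021-40438 CVE-2021-44790
sample_changelog | cve_fix_versions CVE-2021-40438 CVE-2021-44790 CVE-2022-22721
```

An ID reported as `not-in-changelog` is not necessarily unpatched; it may be marked as not affecting the release, so look it up on its Ubuntu CVE tracker page, like the one linked above.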