OpenSSH security vulerability

Blog Post created by dz_ny Expert on Jun 3, 2016

openSSH security vulnerability is a false positive. The SUSE developers develop their own patches and have their own numbered. In their numbering, OpenSSH was patched for CVE's 2015-5352, -5600, and -6564 as of version 6.2p2-0.17.1. According to the SUSE analysis at, CVE-2015-6565 fixes a bug that appears only in OpenSSH 6.8 and 6.9 and does not affect the older base version used in openSUSE.

The OVA 5.4 (and higher) has openssh-6.6p1-5.3.1.x86_64. This is documented ( to contain fixes for CVE's 2015-5352, 2015-5600, and 2015-6564. The statement about 2015-6565 still applies.

Most scanner is only checking the version and not actually testing for the vulnerability.


If you still prefer to disable SSH, open VMTurbo console:  service sshd stop