I had a security audit run through my office and throw flags at my FreePBX-Distro-10.13.66 system.
Most are regarding the 5.3 version of openssh server. Here is one:
This host is running OpenSSH and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed version: 5.3 Fixed version: 7.0
Successful exploitation will allow an attacker to gain privileges, to conduct impersonation attacks, to conduct brute-force attacks or cause a denial of service. Impact Level: Application
Upgrade to OpenSSH 7.0 or later. For updates refer to http: //www.openssh.com
Yum has no updates available for openssh that I can see from the standard repositories.
Am I missing something?
Is this just known and no big deal?
If so I’d love a link to something I can point the auditors to.
I appreciate your help.