Openssh vulnerable?

I had a security audit run through my office and throw flags at my FreePBX-Distro-10.13.66 system.

Most are regarding the 5.3 version of openssh server. Here is one:

This host is running OpenSSH and is prone to multiple vulnerabilities.
Vulnerability Detection Result
Installed version: 5.3 Fixed version: 7.0
Successful exploitation will allow an attacker to gain privileges, to conduct impersonation attacks, to conduct brute-force attacks or cause a denial of service. Impact Level: Application
Upgrade to OpenSSH 7.0 or later. For updates refer to http: //
http: //
http: //

Yum has no updates available for openssh that I can see from the standard repositories.

Am I missing something?
Is this just known and no big deal?
If so I’d love a link to something I can point the auditors to.

I appreciate your help.


I would suggest you look at the following thread…

Chances are you are in the same situation…

Have a nice day!



Much appreciated.

I wish I would have thought to search for the terms “security audit”

Thanks again