1. 漏洞描述:
官方已发布安全版本修复漏洞,腾讯安全专家建议受影响的用户请尽快更新至安全版本。
安全版本:OpenSSH 8.8
用户可根据所使用的发行版本,升级修复。
查看OpenSSH版本:rpm -qa | grep openssh
升级OpenSSL版本:yum -y install openssh
centos7 用户,建议升级到如下版本:openssh-7.4p1-22.el7_9
centos8 用户,建议升级到如下版本:openssh-8.0p1-13.el8
扫描到服务器存在漏洞风险,建议立即对相关主机进行快照备份,避免遭受损失。
2. 解决方法
使用阿里云或者腾讯云的仓库,具体方法其他文章有说明
算了看问答里有小伙伴觉得省了就不连贯了.就把仓库配置补上吧.
rm -f /etc/yum.repos.d/*
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
yum clean all && yum makecache
升级补丁文章来源:https://www.toymoban.com/news/detail-556531.html
sudo yum update -y openssh openssh-server openssh-clients
3. 修复过程
# sudo yum update -y openssh openssh-server openssh-clients
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package openssh.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh.x86_64 0:7.4p1-22.el7_9 will be an update
---> Package openssh-clients.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-clients.x86_64 0:7.4p1-22.el7_9 will be an update
---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-server.x86_64 0:7.4p1-22.el7_9 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================================================================================
Package Arch Version Repository Size
===========================================================================================================================================================================
Updating:
openssh x86_64 7.4p1-22.el7_9 updates 510 k
openssh-clients x86_64 7.4p1-22.el7_9 updates 655 k
openssh-server x86_64 7.4p1-22.el7_9 updates 459 k
Transaction Summary
===========================================================================================================================================================================
Upgrade 3 Packages
Total download size: 1.6 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/3): openssh-7.4p1-22.el7_9.x86_64.rpm | 510 kB 00:00:00
(2/3): openssh-clients-7.4p1-22.el7_9.x86_64.rpm | 655 kB 00:00:00
(3/3): openssh-server-7.4p1-22.el7_9.x86_64.rpm | 459 kB 00:00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 2.2 MB/s | 1.6 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : openssh-7.4p1-22.el7_9.x86_64 1/6
Updating : openssh-server-7.4p1-22.el7_9.x86_64 2/6
Updating : openssh-clients-7.4p1-22.el7_9.x86_64 3/6
Cleanup : openssh-clients-7.4p1-21.el7.x86_64 4/6
Cleanup : openssh-server-7.4p1-21.el7.x86_64 5/6
Cleanup : openssh-7.4p1-21.el7.x86_64 6/6
Verifying : openssh-server-7.4p1-22.el7_9.x86_64 1/6
Verifying : openssh-clients-7.4p1-22.el7_9.x86_64 2/6
Verifying : openssh-7.4p1-22.el7_9.x86_64 3/6
Verifying : openssh-clients-7.4p1-21.el7.x86_64 4/6
Verifying : openssh-7.4p1-21.el7.x86_64 5/6
Verifying : openssh-server-7.4p1-21.el7.x86_64 6/6
Updated:
openssh.x86_64 0:7.4p1-22.el7_9 openssh-clients.x86_64 0:7.4p1-22.el7_9 openssh-server.x86_64 0:7.4p1-22.el7_9
Complete!
4. 重新扫描
文章来源地址https://www.toymoban.com/news/detail-556531.html
到了这里,关于漏洞修复--OpenSSH权限提升漏洞(CVE-2021-41617)的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
