OpenSSH version:
OpenSSH_8.2p1 Ubuntu-4ubuntu0.11, OpenSSL 1.1.1f 31 Mar 2020
According to this Aualys blog post, that version is not affected by the SSH bug.
I noticed the SSL version looked old - March 2020. I ran apt-get update
and then checked:
apt-cache policy openssl
openssl:
Installed: 1.1.1f-1ubuntu2.22
Candidate: 1.1.1f-1ubuntu2.22
Version table:
*** 1.1.1f-1ubuntu2.22 500
500 http://mirrors.linode.com/ubuntu focal-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
100 /var/lib/dpkg/status
1.1.1f-1ubuntu2 500
500 http://mirrors.linode.com/ubuntu focal/main amd64 Packages
I'm confused about why it has an installed version the same as a canidate.
I found this other blog post, which is still listed as 1.1.1f.
I'm confused about what I need to update to be secure?