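Vulnerability Fix -- OpenSSH Privilege Escalation Vulnerability (CVE-2021-41617)

1. Vulnerability description:

The vendor has released a fixed version that addresses the vulnerability, and Tencent security experts recommend that affected users update to the fixed version as soon as possible.
Fixed version: OpenSSH 8.8
Users can upgrade according to the distribution release they run.
Check the OpenSSH version: rpm -qa | grep openssh
Upgrade OpenSSH: yum -y install openssh
CentOS 7 users should upgrade to the following version: openssh-7.4p1-22.el7_9
CentOS 8 users should upgrade to the following version: openssh-8.0p1-13.el8
If a scan reports that a server is exposed to this vulnerability, take a snapshot backup of the affected hosts immediately to avoid loss.

2. Solution

Use the Alibaba Cloud or Tencent Cloud repository; the specific method is explained in other articles.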

sudo yum update -y openssh openssh-server openssh-clients

3. Fix process

# sudo yum update -y openssh openssh-server openssh-clients
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package openssh.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh.x86_64 0:7.4p1-22.el7_9 will be an update
---> Package openssh-clients.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-clients.x86_64 0:7.4p1-22.el7_9 will be an update
---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-server.x86_64 0:7.4p1-22.el7_9 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================================================================================================================
 Package                                      Arch                                Version                                       Repository                            Size
===========================================================================================================================================================================
Updating:
 openssh                                      x86_64                              7.4p1-22.el7_9                                updates                              510 k
 openssh-clients                              x86_64                              7.4p1-22.el7_9                                updates                              655 k
 openssh-server                               x86_64                              7.4p1-22.el7_9                                updates                              459 k

Transaction Summary
===========================================================================================================================================================================
Upgrade  3 Packages

Total download size: 1.6 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/3): openssh-7.4p1-22.el7_9.x86_64.rpm                                                                                                            | 510 kB  00:00:00     
(2/3): openssh-clients-7.4p1-22.el7_9.x86_64.rpm                                                                                                    | 655 kB  00:00:00     
(3/3): openssh-server-7.4p1-22.el7_9.x86_64.rpm                                                                                                     | 459 kB  00:00:00     
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                      2.2 MB/s | 1.6 MB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : openssh-7.4p1-22.el7_9.x86_64                                                                                                                           1/6 
  Updating   : openssh-server-7.4p1-22.el7_9.x86_64                                                                                                                    2/6 
  Updating   : openssh-clients-7.4p1-22.el7_9.x86_64                                                                                                                   3/6 
  Cleanup    : openssh-clients-7.4p1-21.el7.x86_64                                                                                                                     4/6 
  Cleanup    : openssh-server-7.4p1-21.el7.x86_64                                                                                                                      5/6 
  Cleanup    : openssh-7.4p1-21.el7.x86_64                                                                                                                             6/6 
  Verifying  : openssh-server-7.4p1-22.el7_9.x86_64                                                                                                                    1/6 
  Verifying  : openssh-clients-7.4p1-22.el7_9.x86_64                                                                                                                   2/6 
  Verifying  : openssh-7.4p1-22.el7_9.x86_64                                                                                                                           3/6 
  Verifying  : openssh-clients-7.4p1-21.el7.x86_64                                                                                                                     4/6 
  Verifying  : openssh-7.4p1-21.el7.x86_64                                                                                                                             5/6 
  Verifying  : openssh-server-7.4p1-21.el7.x86_64                                                                                                                      6/6 

Updated:
  openssh.x86_64 0:7.4p1-22.el7_9                    openssh-clients.x86_64 0:7.4p1-22.el7_9                    openssh-server.x86_64 0:7.4p1-22.el7_9                   

Complete!
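
To confirm the result of the update locally, the following added example (not part of the original post) compares an OpenSSH package build with the fixed builds listed in section 1. The function names are this example's own, and GNU `sort -V` is assumed to be a close enough approximation of RPM version ordering for these strings.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): compare an OpenSSH package build
# with the fixed builds this page lists for CentOS 7 and CentOS 8.

# Fixed builds quoted in section 1, keyed by EL major version.
fixed_build() {
  case "$1" in
    7) echo "7.4p1-22.el7_9" ;;
    8) echo "8.0p1-13.el8" ;;
    *) return 1 ;;
  esac
}

# version_ge A B: succeeds when A sorts at or after B.
# Assumption: GNU `sort -V` approximates RPM version ordering here.
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_build VERSION-RELEASE EL_MAJOR -> prints patched | outdated | unknown
check_build() {
  local fixed
  fixed=$(fixed_build "$2") || { echo "unknown"; return 0; }
  if version_ge "$1" "$fixed"; then echo "patched"; else echo "outdated"; fi
}

# audit_host: query the three packages updated in section 3 on a live system.
audit_host() {
  local el pkg build
  el=$(rpm -E '%{rhel}')
  for pkg in openssh openssh-server openssh-clients; do
    build=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$pkg" 2>/dev/null) \
      || { echo "$pkg: not installed"; continue; }
    echo "$pkg $build: $(check_build "$build" "$el")"
  done
}

# Builds taken from the yum transcript in section 3 (before and after the update).
echo "7.4p1-21.el7   -> $(check_build 7.4p1-21.el7 7)"
echo "7.4p1-22.el7_9 -> $(check_build 7.4p1-22.el7_9 7)"

# Query the local RPM database only when asked to.
if [ "${1:-}" = "--live" ]; then audit_host; fi
```

Run it with `--live` on the host to check the installed packages; a running sshd keeps using the old binary until the service is restarted.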

4. Rescan
