I am using OpenSSH version 7.4p1. In the CVE database I found that cpe:/a:openbsd:openssh:7.4:p1 is vulnerable to CVE-2017-15906: https://www.cvedetails.com/cve/CVE-2017-15906/
Does this mean that for sure my version is affected or is it possible that this version has the same number but is already patched? How can I verify this?
Best Answer
CentOS is just rebuilt RHEL, so your system is safe if you updated to openssh-7.4p1-16.el7 or similar that is shipped in CentOS 7.

There is a CVE database in the Red Hat access portal:
https://access.redhat.com/security/cve/cve-2017-15906
It has links to the errata fixing the issues and a listing of the packages fixing the specific issue:
https://access.redhat.com/errata/RHSA-2018:0980
Similarly you can get the changelog of your installed package and it should list something related to this CVE number.
Disclaimer: I was fixing that package in this RHEL version.
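
The changelog check the answer describes, as an added example that is not part of the original answer: the helper names and the sample changelog are constructed for illustration, and `sort -V` is only an approximation of RPM's own version comparison.

```shell
#!/bin/sh
# Added example: confirm a backported fix by CVE id instead of trusting the
# upstream version string (7.4p1), which does not change when a distribution
# backports a patch.

# Read an RPM changelog on stdin and print each entry header plus the lines
# that mention the CVE. Exit status 0 if at least one line matched, else 1.
cve_fix_entries() {
    awk -v cve="$1" '
        /^\* / { header = $0; next }        # entry header: "* date packager - version-release"
        index(toupper($0), toupper(cve)) {  # literal, case-insensitive match
            if (header != "") { print header; header = "" }
            print
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Succeed if the installed version-release sorts at or after the fixed one.
# Approximation: sort -V is not rpm's comparison algorithm.
release_at_least() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
}

# Constructed sample changelog (dates, packager and bug number are placeholders).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2018 Example Packager <packager@example.com> - 7.4p1-16
- Fix for CVE-2017-15906 (#0000000)
* Sun Jan 01 2017 Example Packager <packager@example.com> - 7.4p1-11
- Unrelated constructed entry
EOF
}

# Offline demonstration on the constructed sample.
sample_changelog | cve_fix_entries CVE-2017-15906

# On a real RPM-based host:
#   rpm -q --changelog openssh | cve_fix_entries CVE-2017-15906
#   release_at_least "$(rpm -q --qf '%{VERSION}-%{RELEASE}' openssh)" 7.4p1-16.el7
```

A match in the changelog together with a release at or above the one named in the erratum indicates the fix is present, even though the upstream version number still matches the CPE entry.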