Hello, I am using Almalinux9 and openssh version 8.7. Now, I need to update openssh8.7 to 9.x on my server. Is it possible?
If was, please let me know the instruction.
Best Regards,
MM
no, and really there’s no need to as vulnerability fixes are backported - i assume that’s why you feel the need, not some extra functionality?
Thank you for your explanation. But Security Vendor request to update openssh 9.x on my server. How should I do it?
Best Regards,
Hi,
Could you ask the security vendor which specific CVE requires OpenSSH 9.x?
On AlmaLinux 9, OpenSSH security fixes are usually backported to the supported 8.7 package, so the upstream version number alone does not necessarily mean the system is vulnerable.
You can search the CVE number here and confirm whether a fixed AlmaLinux package has already been released:
In most cases, applying the latest AlmaLinux security updates is the recommended approach rather than replacing OpenSSH with an unsupported 9.x build.
Best regards,
Thank you for your explanation.
The backporting is explained in What is backporting, and how does it apply to RHEL and other Red Hat products? and Security Backporting Practice | Red Hat Customer Portal
(AlmaLinux stays compatible with RHEL, so the above applies to AlmaLinux too.)
That is, while the openssh package in AlmaLinux 9 seems to have version number “8.7”, that does not mean that it is exactly same as the upstream openssh 8.7. The version in RHEL and AlmaLinux may have features, and definitely has security fixes, that the upstream openssh 8.7 does not, nor will have.
One should find out why they request. They could have a good reason, or they might lack information.
An another option is to switch to a distro that at least seems to offer what is requested.
(For example, AlmaLinux 10 has now openssh 9.9p1-14.el10_1.alma.1.)