Disputed OpenSSH_8.7p1 CVE-2021-36368 on Alma Linux 9.6

prakashx86 · June 6, 2025, 1:28pm

Hello

We are using AlmaLinux 9.6.
Our Security scanner had detected OpenSSH_8.7p1 CVE-2021-36368 Which is Disputed status on CVE database.

Is there any plan to Backport this CVE ? or any URL or reference specifying that this is false and not vulnerable on AlmaLinux 9.6.

Thanks
Prakash

jlehtone · June 6, 2025, 5:10pm

The “ground truth” is what Red Hat says about RHEL: cve-details
Which is: “not affected”.

Hence, Red Hat will not backport anything for the RHEL version. If AlmaLinux would like to act differently, then they would have to come up with a backport on their own.