Hi

On Mon, Nov 13, 2017 at 09:19:45PM +0100, Bastian Blank wrote:
> On Mon, Nov 13, 2017 at 12:57:48PM +0000, Adam Weremczuk wrote:
> > Our quarterly PCI compliance scan has just challenged us on the following:
> > https://vulners.com/nessus/OPENSSH_76.NASL
> > Also referred to as OSVDB-166706.
>
> The only security fix in OpenSSH 7.6 is:
> | * sftp-server(8): in read-only mode, sftp-server was incorrectly
> |   permitting creation of zero-length files. Reported by Michal
> |   Zalewski.
>
> > As it's quite new I can't find much information on it online in terms of
> > potential hotfixes and workarounds.
>
> There seems to be no CVE id, so it may not really show up on the radar.

JFTR, this should be CVE-2017-15906.

Regards,
Salvatore