On July 1, 2024, researchers from Qualys disclosed a vulnerability in OpenSSH, a library that is used across the Linux community to provide secure access to platforms. As part of the Coordinated Vulnerability Disclosure (CVD) process, Qualys partnered with the maintainers of OpenSSH and major Linux distributions to refrain from releasing details or proof-of-concept (PoC) code until a patch was available to affected distributions.
Variphy offers two options for Linux-based implementations of our platform: a pre-packaged VM appliance (OVA) built on Ubuntu or a standalone installer.
For OVA-based implementations, or standalone installer-based installs running on Ubuntu, Ubuntu released an update for the affected OS versions (22.04 LTS, 23.10, and 24.04 LTS) on July 1, 2024, the same day as the CVD.
If you are using one of the affected versions, we strongly recommend contacting your IT department to create a snapshot of your current OS and then upgrade the OS using the command: "sudo apt update && sudo apt upgrade".
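A check to run before and after the upgrade above, added here as an example and not part of Variphy's or Ubuntu's tooling: it reports whether the host runs one of the listed Ubuntu releases and whether any OpenSSH package still has an update pending. The function names and the --check argument are hypothetical; it assumes an Ubuntu host whose package lists were already refreshed with "sudo apt update".

```shell
#!/bin/sh
# Added example (not vendor code). Release list taken from the advisory text.
AFFECTED_RELEASES="22.04 23.10 24.04"

# Print VERSION_ID from os-release formatted text read on stdin.
release_id() {
    sed -n 's/^VERSION_ID=//p' | tr -d '"'
}

# Succeed if $1 is one of the releases the advisory lists as affected.
is_affected_release() {
    for r in $AFFECTED_RELEASES; do
        [ "$1" = "$r" ] && return 0
    done
    return 1
}

# Read "apt-get -s upgrade" output on stdin and print the OpenSSH packages
# (openssh-server, openssh-client, ...) that apt would still install.
pending_openssh() {
    awk '$1 == "Inst" && $2 ~ /^openssh-/ { print $2 }'
}

main() {
    rel=$(release_id < /etc/os-release)
    if ! is_affected_release "$rel"; then
        echo "Release $rel is not one of the releases listed in the advisory"
        return 0
    fi
    # -s simulates the upgrade: nothing is changed and root is not needed.
    pending=$(apt-get -s upgrade | pending_openssh)
    if [ -n "$pending" ]; then
        echo "Ubuntu $rel: OpenSSH updates still pending:"
        echo "$pending"
        return 1
    fi
    echo "Ubuntu $rel: no OpenSSH updates pending"
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--check" ]; then
    main
fi
```

After the upgrade, a running sshd keeps using the old binary until the service is restarted, so confirm the restart as part of the change.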
We recognize the importance of keeping your operating system up to date for optimal performance. While we are here to help with the Variphy platform and related issues, the maintenance of your operating system is the responsibility of your internal IT department. A major reason for this is that every customer’s vulnerability management program varies in cadence, management tools, version constraints, and other considerations.
Variphy strongly encourages all customers, regardless of OS platform, to ensure that all servers are set up to follow their organization’s vulnerability management program. This guarantees that risk remediation aligns with the customer’s policies, procedures, and standards.
For any questions or concerns related to this or the Variphy platform in general, reach out to your Variphy Account Executive or Systems Engineer, or directly to the security team at security@variphy.com.