My security vendor provided me with this report.
I am on 4.5.0-6
OpenSSH
Current Version:
9.2
CVE-2023-28531
CVE-2023-38408
CVE-2023-48795
CVE-2023-51384
CVE-2023-51385
CVE-2024-6387
CVE-2025-26465
Nginx
Current Version:
1.22.1
CVE-2023-44487
Detected At:
Mar 30, 2025 04:45:07 pm
Just making sure that we are safe
Thank you
On VitalPBX, the OS dependencies/packages like OpenSSH and Nginx versions are managed by the Debian security team. The version numbers reported in the scan might not directly match upstream releases, as Debian applies security patches to their stable package versions without always bumping the version number.
To check if your installed versions are patched against these CVEs, you can check the Debian Security Tracker.
https://security-tracker.debian.org/tracker/source-package/openssh
https://security-tracker.debian.org/tracker/source-package/nginx
We strongly recommend updating the whole O.S. every now and then to apply any pending security updates for all the packages.
apt clean all
apt update
apt upgrade -y
Reboot the server in case of Kernel update.
reboot
Thank you very much!
I’ll update it.