3.4.4 of SFTP Gateway, or any version where you've run OS updates, you may be vulnerable to CVE-2023-3269.
CVE-2023-3269 is a vulnerability in the memory management subsystem of the Linux kernel and exists in Linux kernel versions
Note: We do not recommend updating the kernel unless you're receiving security alerts due to CVE-2023-3269.
VM Vulnerability Check
To check your current kernel version, you can run this command:
If you're inside the vulnerability range,
6.4, you may want to consider upgrading the kernel to version 6.5.5, which we have instructions for below.
However, before making any kernel updates or changes, we recommend exporting a backup artifact of your Users and Settings, which you can do by following our article on the upgrade/recovery process for SFTP Gateway.
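The version check described in this section, as an added example that is not part of the original article: it parses a kernel release string and reports whether it falls inside a version range or has reached the upgrade target. The function names, the script name `check_kernel.sh`, and the use of `uname -r` are assumptions, and the lower bound of the range is not shown on this page, so it is passed in as an argument.

```sh
#!/bin/sh
# Added example: classify a kernel release string against a version range.
# 6.4 (upper bound) and 6.5.5 (upgrade target) come from this article; the
# lower bound is not shown here, so LOW is a caller-supplied assumption.

# Print a sortable integer for MAJOR.MINOR.PATCH; missing parts count as 0.
ver_key() {
    v=${1%%[-+]*}                       # 6.2.0-1012-aws -> 6.2.0
    case "$v" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    maj=${v%%.*}; rest=${v#*.}
    if [ "$rest" = "$v" ]; then rest=0; fi
    min=${rest%%.*}; pat=${rest#*.}
    if [ "$pat" = "$rest" ]; then pat=0; fi
    pat=${pat%%.*}
    echo $(( maj * 1000000 + min * 1000 + pat ))
}

# classify_kernel RELEASE LOW HIGH TARGET
# Prints: in-range | at-or-above-target | outside-range | unparsed
classify_kernel() {
    rel=$(ver_key "$1") || { echo unparsed; return 2; }
    low=$(ver_key "$2"); high=$(ver_key "$3"); target=$(ver_key "$4")
    # The range is compared on major.minor only, so every 6.4.x counts as 6.4.
    rel_mm=$(( rel / 1000 )); low_mm=$(( low / 1000 )); high_mm=$(( high / 1000 ))
    if [ "$rel_mm" -ge "$low_mm" ] && [ "$rel_mm" -le "$high_mm" ]; then
        echo in-range
    elif [ "$rel" -ge "$target" ]; then
        echo at-or-above-target
    else
        echo outside-range
    fi
}

# Usage: sh check_kernel.sh LOW
if [ -n "${1:-}" ]; then
    classify_kernel "$(uname -r)" "$1" 6.4 6.5.5
fi
```

A distribution kernel can carry a backported fix without changing its major.minor number, so treat an `in-range` result as a prompt to check your vendor's advisory rather than as proof of exposure.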
Upgrading the Kernel Version
To upgrade the kernel to version 6.5.5, you will need to download the kernel image and modules, install them, and then reboot the VM.
First, elevate your privileges to root:
Download the 6.5.5 kernel image and modules using wget:
Give the image and modules execute permissions:
chmod +x *
Install the kernel:
sudo dpkg --install *.deb
Reboot the VM:
Rerun the command to check your kernel version:
You should now see this output, showing you're on kernel version