How do I update unraid os packages?

Recommended Posts

I'm new to unraid but couldn't find an answer quickly searching the forum. I've scanned my new unraid build with outpost24 and it found  one critical issue (CVE 2023-38408) which could be fixed by updating sshd. Usually something like this would be fixed with a simple yum or apt update but although it's fairly easy and straightforward to update the docker containers on unraid I can't find how to update the unraid OS packages.

Vulnerability Information:
The PKCS#11 feature in ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to 
remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib 
is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete
fix for CVE-2016-10009.

Solution: Upgrade to version 9.4 or later of OpenSSH.
Category: Update
Product:  OpenSSH
CVE:      CVE-2023-38408
Bugtraq:  No bugtraq
Link to comment
  • changed the title to How do I update unraid os packages?

There is no standard way to safely update packages as Unraid is meant to be treated as an 'appliance'.  Installing a package that has not been validated by Limetech risks breaking the system so normally you need to wait for Limetech to release a new Unraid release that includes the patches.


If you can find a self-contained version of the package with no dependencies that is compatible with the Slackware base underlying Unraid you can put it into the 'extras' folder on the flash drive and it then gets installed as part of the Unraid boot process, but you do this at your own risk.


Having said all that you should not need to as the release notes for the 12.4 release contain

openssh: version 9.3p2 (CVE-2023-38408)

so that vulnerability should already be patched.

Link to comment

There is something fishy going on with sshd versioning anyway. ssh -v <my_nas> shows version 9.3:
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.3
debug1: compat_banner: match: OpenSSH_9.3 pat OpenSSH* compat 0x04000000

on unraid ssh -V shows the same 9.3 version:
# sshd -V
OpenSSH_9.3, OpenSSL 1.1.1v  1 Aug 2023

but using an unknown parameter displays the patched version?
# sshd -v
unknown option -- v
OpenSSH_9.3p2, OpenSSL 1.1.1v  1 Aug 2023

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.