Typically, fixes like that are distributed in the routine package updates. So if you keep your packages up to date (which is a good idea in most cases anyway), you should have the fix.
If you want to check which package version(s) you exactly need, you can look that up. The blog article you mentioned links in the first paragraph to the corresponding entry in Ubuntu Security. There, you can check under "Status" which versions of which source code packages you need. For Ubuntu 22.04 LTS Jammy Jellyfish, you look for "Jammy":
Package openssh
, jammy, Released (1:8.9p1-3ubuntu0.10)
Package openssh-ssh1
, jammy, Not vulnerable
(introduced in v8.5p1)
So for this, you only need to worry about any binary packages built from the source package openssh
(if you have installed anything related to OpenSSH 1.x in the first place).
To find out which binary packages that are, the Ubuntu Security package conveniently links a search to the Ubuntu packages list, under the keyword "Ubuntu". For the source package openssh
, that would be this search.
There again, you can look for your distribution version, being Jammy. This shows you that from the source package openssh
, the following binary packages are built:
openssh-client, openssh-server, openssh-sftp-server, openssh-tests, ssh, ssh-askpass-gnome
Each of those is a link to the respective package in the packages list. So you can look up there which is the newest version. Typically, the naming will follow the source package, so you'll be looking for openssh-client 1:8.9p1-3ubuntu0.10
, openssh-server 1:8.9p1-3ubuntu0.10
and so forth. You can check with apt policy
which package in which version you have currently installed, for example apt policy openssh-client
, apt policy openssh-server
etc.
In case any of those packages are still on outdated versions, you can update them with apt upgrade
. But as I mentioned above, if you do you routine package updates, those should already have been handled. Of course, you only need to update packages that you're actually using, so if for example you don't have openssh-tests
installed, you don't need to upgrade it to any newer version.
As a side remark just in case: If you installed anything OpenSSH-related yourself outside of the Ubuntu package system, for example by compiling it yourself, you're responsible for that yourself. The Ubuntu package system can't help you with those cases.
sudo apt update
only updates your machine software lists, ie. so it knows what updates are available, but does not apply them until you decide to (via a command usually executed after what you just did). Have you applied security fixes? or just updated your software lists? as your question details imply you only did the formersudo apt upgrade
will apply most upgrades, but depending on what you have installed (esp. 3rd party) asudo apt full-upgrade
maybe is required.. ie.apt update
only updates software lists so your machine is aware of what can be upgraded, and you decide when to upgrade them using eitherapt upgrade
ORapt full-upgrade
(as there are differences to those; you have full control when you want any consequences required byfull-upgrade
)