.
Just wanted to let you know that Centrify Express 5.4 is available for download.
The optional enhanced SSH Server package shipped is based on OpenSSH 7.3p1.
From the release notes:
Centrify OpenSSH 5.4.0 is upgraded based on stock OpenSSH 7.3p1. - SSHv1 is no longer supported. (Ref: CS-40924) - The LAM version of Centrify OpenSSH is no longer shipped as all AIX versions
already provide PAM authentication.
If you are still using the LAM version of Centrify OpenSSH, you should replace
it with the corresponding PAM version for supportability. (Ref: CS-40743)
You can download it from here: https://www.centrify.com/express/linux-unix/download/
Please note that some of the CVEs you pointed out from the scan tool are configuration-dependent. For example, for a system to be exposed to CVE-2015-8325 this requires that the directive UseLogin in the OpenSSH config file is set to yes and the pam_env PAM module configured to read user environment settings; this means that the mitigation strategy is to simply set the UseLogin to no (default setting).
For each CVE that you discover, you need to make an assessment of the configuration conditions and find out from your infrastructure lead if that combination is in use.
Finally, as a reminder, if you are a commercial organization leveraging Centrify software and you require conformance to security standards like PCI DSS, consider Centrify Standard Edition. This gives you full capability and customer benefits like business day or 24x7 support and early access to software releases.
Thank you for your patience,
R.P