OpenSSH version on leap 15.5 is very old

I start with openSUSE with leap 15.5 and i check version of openssh, is 8.4p1
Question: this version is very old and CVE below are present, how to update openssh or patch it
(cve) CVE-2021-41617 – (CVSSv2: 7.0) privilege escalation via supplemental groups
(cve) CVE-2016-20012 – (CVSSv2: 5.3) enumerate usernames via challenge response
Can you help me ?

@Nono Hi and welcome to the Forum :smile:
For openSUSE you should be over at :wink:

Anyway, CVE’s etc are backported to older versions, just like SLE, that is why security scanners don’t function when looking at version numbers as it’s not applicable;

rpm -q openssh --changelog | grep -E "CVE-2021-41617|CVE-2016-20012"
- Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch
  (bsc#1190975, CVE-2021-41617), backported from upstream by

I suspect the one for 2016 is not applicable for the released version…

You can also head over to
The second one was disputed and resolved.