<div dir="ltr">Ubuntu just pushed an update a couple of hours earlier today.<br><br> SECURITY UPDATE: information leak and overflow in roaming support<br>
- debian/patches/CVE-2016-077x.patch: completely disable roaming option<br>
in readconf.c.<br>
- CVE-2016-0777<br>
- CVE-2016-0778<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 14, 2016 at 11:03 AM, L.D. Paniak <span dir="ltr"><<a href="mailto:ldpaniak@fourpisolutions.com" target="_blank">ldpaniak@fourpisolutions.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Apparently there is a bug in OpenSSH client in recent distributions.<br>
Until a patch is pushed through the usual package management <br>
routes, the following ssh client configuration change is
recommended:<br>
<br>
<span style="color:rgb(0,0,0);font-family:monospace;font-size:16px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none">echo 'UseRoaming no' >> /etc/ssh/ssh_config</span><br style="color:rgb(0,0,0);font-family:monospace;font-size:16px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">
<br>
Affects all OpenSSH 5.4 - 7.1 (Ubuntu 12.04+).<br>
<br>
<a href="http://undeadly.org/cgi?action=article&sid=20160114142733" target="_blank">http://undeadly.org/cgi?action=article&sid=20160114142733</a><br>
<br>
Happy patching!<br>
Lori<br>
</div>
<br>_______________________________________________<br>
kwlug-disc mailing list<br>
<a href="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</a><br>
<a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Khalid M. Baheyeldin<br><a href="http://2bits.com" target="_blank">2bits.com</a>, Inc.<br>Fast Reliable Drupal<br>Drupal optimization, development, customization and consulting.<br>Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br>Simplicity is the ultimate sophistication. -- Leonardo da Vinci<br>For every complex problem, there is an answer that is clear, simple, and wrong." -- H.L. Mencken<br></div>
</div>