[kwlug-disc] Urgent! - OpenSSH client bug

Sandeep Johri sandeepjohri at rogers.com
Fri Jan 15 03:27:45 EST 2016 

Manjaro and I'm assuming the upstream Arch team pushed an update over 
the past few hours too.

https://lists.manjaro.org/pipermail/manjaro-security/2016-January/000026.html

From:
Sandeep Johri

On 14/01/16 12:04 PM, Khalid Baheyeldin wrote:
> Ubuntu just pushed an update a couple of hours earlier today.
>
> SECURITY UPDATE: information leak and overflow in roaming support
>     - debian/patches/CVE-2016-077x.patch: completely disable roaming 
> option
>       in readconf.c.
>     - CVE-2016-0777
>     - CVE-2016-0778
>
> On Thu, Jan 14, 2016 at 11:03 AM, L.D. Paniak 
> <ldpaniak at fourpisolutions.com <mailto:ldpaniak at fourpisolutions.com>> 
> wrote:
>
>     Apparently there is a bug in OpenSSH client in recent distributions.
>     Until a patch is pushed through the usual package management
>     routes, the following ssh client configuration change is recommended:
>
>     echo 'UseRoaming no' >> /etc/ssh/ssh_config
>
>     Affects all OpenSSH 5.4 - 7.1 (Ubuntu 12.04+).
>
>     http://undeadly.org/cgi?action=article&sid=20160114142733
>
>     Happy patching!
>     Lori
>
>     _______________________________________________
>     kwlug-disc mailing list
>     kwlug-disc at kwlug.org <mailto:kwlug-disc at kwlug.org>
>     http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>
>
>
> -- 
> Khalid M. Baheyeldin
> 2bits.com <http://2bits.com>, Inc.
> Fast Reliable Drupal
> Drupal optimization, development, customization and consulting.
> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
> For every complex problem, there is an answer that is clear, simple, 
> and wrong." -- H.L. Mencken
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20160115/9241543f/attachment.htm>

More information about the kwlug-disc mailing list