[arch-security] openssh: workaround for critical vulnerability
Levente Polyak
anthraxx at archlinux.org
Thu Jan 14 15:21:12 UTC 2016
Summary
=======
A critical client side SSH vulnerability has been discovered and a
patched upstream version is released as 7.1p2. We strongly advise to use
the following workaround until the upcoming release is rolled out in
Arch Linux.
This vulnerability is being tracked as CVE-2016-0777.
Workaround
==========
Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no"
work around the issue.
References
==========
https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034680.html
https://www.marc.info/?l=openbsd-tech&m=145278077820529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: signature.asc
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160114/7f448737/attachment-0033.ksh>
More information about the arch-security
mailing list