[arch-security] [ASA-201601-9] openssh: multiple issues
anthraxx at archlinux.org
Thu Jan 14 17:12:28 UTC 2016
Arch Linux Security Advisory ASA-201601-9
Date : 2016-01-14
CVE-ID : CVE-2016-0777 CVE-2016-0778
Package : openssh
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package openssh before version 7.1p2-1 is vulnerable to multiple
issues including information disclosure (including the client's private
keys) and arbitrary code execution.
Upgrade to 7.1p2-1.
# pacman -Syu "openssh>=7.1p2-1"
The problems have been fixed upstream in version 7.1p2.
It is possible to mitigate this issue by setting the following option in
the OpenSSH client's configuration file manually, either global
(/etc/ssh/ssh_config) or user specific (~/.ssh/config):
The above directive should be placed in the Host * section of the
configuration file to use this setting for all SSH servers the client
You can also set the option via a command line argument when connecting
to an SSH server:
-o 'UseRoaming no'
Using one of those configuration values mitigates the problems by
disabling the roaming feature.
- CVE-2016-0777 (information disclosure)
An information leak flaw was found in the way the OpenSSH client roaming
feature was implemented. A malicious server could potentially use this
flaw to leak portions of memory (possibly including private SSH keys) of
a successfully authenticated OpenSSH client.
- CVE-2016-0778 (arbitrary code execution)
A buffer overflow flaw was found in the way the OpenSSH client roaming
feature was implemented that is leading to a file descriptor leak. A
malicious server could potentially use this flaw to execute arbitrary
code on a successfully authenticated OpenSSH client if that client used
certain non-default configuration options (ProxyCommand, ForwardAgent or
A remote attacker is able to use a malicious server to leak client
memory, including the client's private keys or, under certain non
default circumstances, execute arbitrary code.
Users with passphrase-less privates keys, especially in non interactive
setups (automated jobs using ssh, scp, rsync+ssh etc.) are advised to
update their keys if they have connected to an SSH server they don't
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security