CVE-2016-0777 and mitigation

Damien Miller djm at mindrot.org
Fri Jan 15 01:16:38 AEDT 2016

Previous message (by thread): [PATCH RFC] Expose authentication information in the environment (PAM & shell)
Next message (by thread): Announce: Portable OpenSSH 7.1p2 released
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

We'll shortly be issuing a 7.1p2 release to fix a client-side security
bug that has been designated CVE-2016-0777. In the meantime, the
problem can be avoided by adding the undocumented "UseRoaming no"
directive to the system-wide ssh_config file.

More details will follow with the release.

-d

Previous message (by thread): [PATCH RFC] Expose authentication information in the environment (PAM & shell)
Next message (by thread): Announce: Portable OpenSSH 7.1p2 released
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the openssh-unix-dev mailing list