CVE-2016-0777 and mitigation

Damien Miller djm at
Fri Jan 15 01:16:38 AEDT 2016


We'll shortly be issuing a 7.1p2 release to fix a client-side security
bug that has been designated CVE-2016-0777. In the meantime, the
problem can be avoided by adding the undocumented "UseRoaming no"
directive to the system-wide ssh_config file.

More details will follow with the release.


More information about the openssh-unix-dev mailing list