MNBSD-2016-2: OpenSSH client roaming information leak and buffer overflow

Severity: Unknown

Affected Package: openssh

Summary: OpenSSH client roaming information leak and buffer overflow

Description

The experimental OpenSSH client roaming support could leak private key material via an information disclosure and contained a client-side buffer overflow, both triggerable by a malicious or compromised server. Roaming was disabled to mitigate the issue. Fixed in the 0.7.3 release.

Affected Versions

openssh

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2016-0777, CVE-2016-0778

Published: January 14, 2016
Last Modified: January 14, 2016