Severity: Unknown
Affected Package: openssh
Summary: OpenSSH client roaming information leak and buffer overflow
The experimental OpenSSH client roaming support could leak private key material via an information disclosure and contained a client-side buffer overflow, both triggerable by a malicious or compromised server. Roaming was disabled to mitigate the issue. Fixed in the 0.7.3 release.
No specific recommendations provided.
Aliases: CVE-2016-0777, CVE-2016-0778
Published: January 14, 2016
Last Modified: January 14, 2016