Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: OpenSSH 7.1p2 client security update (CVE-2016-0777) - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
OpenSSH 7.1p2 client security update (CVE-2016-0777)
OpenSSH 7.1p2 (http://www.openssh.com/txt/release-7.1p2) has been released with a security fix for CVE-2016-0777, a client information leak that could leak private keys to a malicious server. There is also a workaround available (http://marc.info/?l=openbsd-tech&m=145278077820529&w=2). Red Hat (https://access.redhat.com/articles/2123781) and the OpenBSD Journal (http://undeadly.org/cgi?action=article&sid=20160114142733) have some details as well. It was discovered by Qualys (https://www.qualys.com/research/security-advisories/). krausedw

2 Posts

Sign Up for Free or Log In to start participating in the conversation!