latest bug in open ssh client

[hostgliders]

If you are using openssh client please listen;

A serious bug has been identified in the OpenSSH CLIENT that could lead to serious security breachs.

++++++++++++++++++++++++

To fix

Add the option ‘UseRoaming no’ to your /etc/ssh/ssh_config file or start your ssh client with -oUseRoaming=no included on the ssh command line.
ie, echo ‘UseRoaming no’ >> /etc/ssh/ssh_config


or

sudo sh -c ‘echo UseRoaming \”no\” >> /etc/ssh/ssh_config’

It’s being reported that it effects only on Centos 7 servers and they can update OpenSSH using yum.
#yum update openssh


+++++++++++++++++++++++++++++

 

[bigredseo]

Do you have a link to the security release information?

I did a search on Google but nothing much popped up in the feed for new issues. Some info on issues back in January 2016, but I didn't see much recently.

 

[praveenk]

Please check following bug, I hope it will help.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0777

 

[24x7server]

Hi,

---------------- ----------------
rpm -qa | grep openssh
rpm -q <result from above> --changelog | grep CVE-2016-0777
---------------- ----------------

You can check if the patch is applied or not through the above commands..

 

[bigredseo]

That's certainly one that I had seen, however if you check the dates on that bug, it's from January 2016 and was patched at that time.

The OP made it sound like there was a NEW bug that was out there, but I guess they were just padding their posting score.

Nothing to see here - please move along. :uhh::uhh: