OpenSSH: client bug CVE-0216-0778

jimmyk
jimmyk
@jimmy
8 years ago
514 posts
"This is the most serious bug you'll hear about this week: The issue dubbed CVE-0216-0778 has been identified and fixed in the OpenSSH.
An early heads up came from Theo de Raadt in this mailing list posting.
Until you are able to patch affected systems, the recommended workaround is to use"

# echo 'UseRoaming no' > > /etc/ssh/ssh_config


http://undeadly.org/cgi?action=article&sid=20160114142733
updated by @jimmy: 04/23/16 02:14:48AM
michael
@michael
8 years ago
7,746 posts
Thanks jimmy, by "patch affected systems" are they just meaning running:
sudo apt-get update
sudo apt-get upgrade
on ubuntu systems to get it all updated, or is it more complicated?
jimmyk
jimmyk
@jimmy
8 years ago
514 posts
Check this out: http://www.ubuntu.com/usn/usn-2869-1/
michael
@michael
8 years ago
7,746 posts
Champion, thanks. :)
jimmyk
jimmyk
@jimmy
8 years ago
514 posts
No problem.
brian
@brian
8 years ago
10,148 posts
Just to clarify this as well - this is a CLIENT issue, which means when you use ssh to connect to another server - it's not a SSH server issue, so this does not impact our hosting (since our hosting does not reach out to any other server via SSH).

Just an FYI for JR hosting customers in case they were wondering.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net

Tags