OpenSSH has released version 7.1p2 today (January 14):
http://www.openssh.com/txt/release-7.1p2

The main security issue it fixed is CVE-2016-0777, which is a bug in the roaming feature that can allow ssh private keys to be compromised.

There is also a minor bug with the roaming feature, CVE-2016-0778 (not specifically mentioned in the announcement), which is a buffer overflow.

The upstream fix for both of these is to completely disable this useless feature.

Updated package uploaded for Cauldron.

Patched package uploaded for Mageia 5.

Advisory:
========================

Updated openssh packages fix security vulnerability:

An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client (CVE-2016-0777).

A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options (CVE-2016-0778). The issue only affects OpenSSH clients making use of the ProxyCommand feature.

This update disables the roaming feature completely.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0777
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0778
http://www.openssh.com/security.html
========================

Updated packages in core/updates_testing:
========================
openssh-6.6p1-5.6.mga5
openssh-clients-6.6p1-5.6.mga5
openssh-server-6.6p1-5.6.mga5
openssh-askpass-common-6.6p1-5.6.mga5
openssh-askpass-6.6p1-5.6.mga5
openssh-askpass-gnome-6.6p1-5.6.mga5
openssh-ldap-6.6p1-5.6.mga5

from openssh-6.6p1-5.6.mga5.src.rpm
More information than you ever wanted about these issues: http://openwall.com/lists/oss-security/2016/01/14/7
In Hyper-V on Windows 10, M5, x86_64

Package(s) under test:
openssh-clients openssh-server openssh

% sudo urpmi openssh-clients
Package openssh-clients-6.6p1-5.6.mga5.x86_64 is already installed

% sudo urpmi openssh-server
Package openssh-server-6.6p1-5.6.mga5.x86_64 is already installed

% sudo urpmi openssh
Package openssh-6.6p1-5.6.mga5.x86_64 is already installed

Tested ssh from this system to HP Networking hardware with no errors
Tested ssh from this system to various other patched and unpatched linux servers with no errors
Tested ssh to this system from patched and unpatched linux servers, putty and kitty with no errors
CC: (none) => dpremy
RedHat has issued an advisory for this on January 14:
https://rhn.redhat.com/errata/RHSA-2016-0043.html

Advisory:
========================

Updated openssh packages fix security vulnerability:

An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client (CVE-2016-0777).

A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options (CVE-2016-0778). The issue only affects OpenSSH clients making use of the ProxyCommand feature.

This update disables the roaming feature completely.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778
https://rhn.redhat.com/errata/RHSA-2016-0043.html
http://www.openssh.com/security.html
URL: (none) => http://lwn.net/Vulnerabilities/672071/
OK'ing this based on David's test and mine on i586. I actually use a ProxyCommand and that's still working fine too. Please validate and upload this update ASAP :o)
Whiteboard: (none) => MGA5-32-OK MGA5-64-OK
Validating, advisory uploaded.
Keywords: (none) => validated_update
Whiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisory
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0022.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED