The Qualys Security team discovered two vulnerabilities in the OpenSSH client.
CVE-2016-0777 – Information leak
Can be exploited by a rogue SSH server to trick a client into leaking sensitive data from the client memory, including for example private keys.
CVE-2016-0778 – Buffer overflow
A buffer overflow (leading to file descriptor leak), can also be
exploited by a rogue SSH server.
One can mitigate CVE-2016-0777 by disabling the experimental roaming option in the ssh client:
echo -e ‘Host *\nUseRoaming no’ >> /etc/ssh/ssh_config
Updated binaries are being pushed by operating system vendors.
