[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Thursday 14 Jan 2016 17:33:46 Gordon Henderson wrote: > Probably OK unless you ssh to compromised hosts, but edit your > /etc/ssh/ssh_config until you get an updated ssh. > > =-=-=-= > > More info's now been released... > > http://undeadly.org/cgi?action=article&sid=20160114142733 The grubby details in the Qualys paper mean it is extremely unlikely any of my machines would leak a secret key this way, and I'd know about it if it had happened. Got a lot of attention, and probably rightfully so, memory leak in a feature hardly anyone uses - remind you of anything - but I think the real world exploit-ability is pretty low. I flagged it as keep an eye on the regular patching to make sure it gets patched. https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq