openssh: multiple issues

2016-01-14T00:00:00
ID ASA-201601-9
Type archlinux
Reporter Arch Linux
Modified 2016-01-14T00:00:00

Description

  • CVE-2016-0777 (information disclosure)

An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client.

  • CVE-2016-0778 (arbitrary code execution)

A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented that is leading to a file descriptor leak. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options (ProxyCommand, ForwardAgent or ForwardX11).