
Mitigate CVE-2016-0777 in SSH clients configuration files
Closed, Resolved, Public

Description

A security issue has been discovered in the SSH client.

To mitigate it, the following undocumented setting should be applied:

/etc/ssh/ssh_config
UseRoaming no

Reference

Event Timeline

Done for Ysul, Dwellers, the containers for DevCentral and phabricator.wolfplex.be.

dereckson lowered the priority of this task from High to Normal. Jan 14 2016, 16:01

Lowered the priority as we've mitigated at places where there are ssh outgoing connections.

Ysul OpenSSH_6.6.1p1, OpenSSL 1.0.1l-freebsd 15 Jan 2015
Dwellers OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

Jenkins/Phab containers still need to be updated.

dereckson removed dereckson as the assignee of this task. Mar 8 2018, 21:07
dereckson claimed this task.

OpenSSH now mitigates this.
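
A way to audit hosts for the `UseRoaming no` mitigation described in this task, as an added example that is not part of the original task or of OpenSSH. The function name `check_roaming`, its verdict strings and the sample host name are hypothetical; as a simplification, only a lone `Host *` counts as covering all hosts and `Match` blocks are treated as host-specific.

```shell
#!/bin/sh
# Added example (not from the original task): audit ssh_config-style files for
# the "UseRoaming no" mitigation. Pass files in the order ssh reads them
# (user file first, then /etc/ssh/ssh_config); for each option ssh keeps the
# first value it obtains. With no file argument, stdin is read.
# Prints one verdict: mitigated | overridden | missing
check_roaming() {
    awk '
    BEGIN    { verdict = "missing" }
    FNR == 1 { scope = "global" }              # each file starts outside any Host block
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        match(line, /^[A-Za-z0-9]+/)
        key  = tolower(substr(line, 1, RLENGTH))    # keywords are case-insensitive
        rest = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", rest)            # "Keyword value" or "Keyword=value"
        gsub(/"/, "", rest)
        sub(/[ \t]+$/, "", rest)
        if (key == "host")  { scope = (rest == "*") ? "all" : "some"; next }
        if (key == "match") { scope = "some"; next }
        if (key != "useroaming") next
        val = tolower(rest)
        # A "yes" seen before any global "no" wins for the hosts it covers.
        if (val == "yes") { verdict = "overridden"; exit }
        # A "no" inside a specific Host/Match block protects only those hosts.
        if (val == "no" && scope != "some") { verdict = "mitigated"; exit }
    }
    END { print verdict }
    ' "$@"
}

# Constructed sample: a per-host block followed by the global mitigation.
sample='Host build.example.org
    User deploy
Host *
    UseRoaming no'
printf 'sample config: %s\n' "$(printf '%s\n' "$sample" | check_roaming)"
```

On a real host, `check_roaming ~/.ssh/config /etc/ssh/ssh_config` gives the verdict for one user; `missing` means no file sets the option for all hosts, so the client's built-in default applies.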