OpenSSH Client Bug Leaks Memory Contents

A newly revealed bug in the OpenSSH client from versions 5.4 through 7.1 allows memory contents to be read by malicious servers (archived). The vulnerability exists in code that allows "roaming" which was added to the OpenSSH client but not the OpenSSH server. Patches which remove the roaming code from the OpenSSH client are available.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>