OpenSSH Critical Update to Patch Roaming Vulnerability
-
The OpenSSH project has released a critical patch for their open source network encryption technology to address a flaw that could enable remote access to sensitive systems. Be sure to check your systems for updates immediately.
-
Red Hat Enterprise Linux 4, 5 and 6 are not affected by this flaw as they include OpenSSH versions that are older than 5.4; Red Hat Enterprise Linux 7 is affected. I guess that applies to the same versions of CentOS.
-
I have zero systems with public access to SSH.
Definitely want to get this patch in though.
-
I guess it's time for some work when I get to the hotel.
-
FTA, this looks like it only affects the SSH clients... Right?
-
@dafyre said:
FTA, this looks like it only affects the SSH clients... Right?
"The problem involved a bug that exposed a memory leak to a malicious SSH server," Cox explained. "Because the data in question didn't cross any trust or execution boundaries, the malicious server could get the client to possibly leak sensitive authentication key data."
I think it's both. I ran my update playbook and everything was patched within about 3 minutes.