FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openssh -- information disclosure

Affected packages
5.4.p0,1 < openssh-portable < 7.1.p2,1
10.2 <= FreeBSD < 10.2_10
10.1 <= FreeBSD < 10.1_27
9.3 <= FreeBSD < 9.3_34

Details

VuXML ID dfe0cdc1-baf2-11e5-863a-b499baebfeaf
Discovery 2016-01-14
Entry 2016-01-14
Modified 2016-08-09

OpenSSH reports:

OpenSSH clients between versions 5.4 and 7.1 are vulnerable to information disclosure that may allow a malicious server to retrieve information including under some circumstances, user's private keys.

References

CVE Name CVE-2016-0777
CVE Name CVE-2016-0778
FreeBSD Advisory SA-16:07
URL http://www.openssh.com/security.html