Overview

File _patchinfo of Package patchinfo.363

<patchinfo incident="363">
  <packager>mkubecek</packager>
  <issue tracker="cve" id="2016-077"></issue>
  <issue tracker="cve" id="2016-0777"></issue>
  <issue tracker="cve" id="2016-0778"></issue>
  <issue tracker="bnc" id="961642">VUL-0: CVE-2016-0777: openssh: Information leak in ssh client</issue>
  <issue tracker="bnc" id="961645">VUL-0: CVE-2016-0778: openssh: Buffer overflow in roaming code</issue>
  <category>security</category>
  <rating>critical</rating>
  <summary>Security update for openssh</summary>
  <description>   - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH
     client to expose part or all of the client's private key through the
     roaming feature (bsc#961642)
   - CVE-2016-0778: A malicious or compromised server could could trigger a
     buffer overflow in the OpenSSH client through the roaming feature
     (bsc#961645)

   This update disables the undocumented feature supported by the OpenSSH
   client and a commercial SSH server.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places