
OpenSSH client side vulnerability CVE-2016-0777 fixed in upcoming 7.1p2 release - Aissen
http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034679.html
======
jlgaddis
Workaround (yes, it's client-side):

    # echo "UseRoaming no" >> /etc/ssh/ssh_config

MITM or session hijack, perhaps?

~~~
Piskvorrr
"The authentication of the server host key prevents exploitation by a
man-in-the-middle, so this information leak is restricted to connections to
malicious or compromised servers."

[http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-Jan...](http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034680.html)

------
Aissen
Affects 5.4 - 7.1 (quite a lot of releases):
[http://undeadly.org/cgi?action=article&sid=20160114142733](http://undeadly.org/cgi?action=article&sid=20160114142733)
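
Added example, not part of the thread or of OpenSSH: a check that combines the affected range quoted above (5.4 - 7.1, fixed in 7.1p2) with the `UseRoaming no` workaround, and goes one step further by testing whether a line appended to the end of `ssh_config` really applies to every host. The function names and sample configs are assumptions made for illustration.

```python
import re

AFFECTED_MIN, AFFECTED_MAX = (5, 4), (7, 1)  # range quoted in the thread
FIXED_PORTABLE = (7, 1, 2)                   # 7.1p2, per the thread title

def version_in_affected_range(banner):
    """True if an `ssh -V` banner is within 5.4 - 7.1 and older than 7.1p2.
    Vendor builds may carry a backported fix the banner does not show."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        raise ValueError("not an OpenSSH version banner")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    if not AFFECTED_MIN <= (major, minor) <= AFFECTED_MAX:
        return False
    return (major, minor, patch) < FIXED_PORTABLE

def roaming_disabled_for_all_hosts(config_text):
    """True if the first UseRoaming value that applies to every host is 'no'.
    ssh_config uses the first value obtained, and a keyword belongs to the
    most recent Host/Match block above it."""
    applies_to_all = True  # lines before any Host/Match are global
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        args = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            patterns = args.split()
            applies_to_all = "*" in patterns and not any(
                p.startswith("!") for p in patterns)
        elif keyword == "match":
            applies_to_all = args.lower() == "all"
        elif keyword == "useroaming" and applies_to_all:
            return args.lower() == "no"
    return False  # never set globally: affected clients default to roaming on

# Constructed sample files, each with the workaround line appended at the end.
ENDS_WITH_HOST_STAR = "Host *\n    SendEnv LANG LC_*\nUseRoaming no\n"
ENDS_WITH_ONE_HOST = "Host bastion\n    User admin\nUseRoaming no\n"

if __name__ == "__main__":
    print(version_in_affected_range("OpenSSH_7.1p1, OpenSSL 1.0.2e 3 Dec 2015"))
    print(roaming_disabled_for_all_hosts(ENDS_WITH_HOST_STAR))
    print(roaming_disabled_for_all_hosts(ENDS_WITH_ONE_HOST))
```

A per-user `~/.ssh/config` is read before `/etc/ssh/ssh_config`, so the same check applies to it.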

