Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

Hosting Discussion > Web Hosting Forums > Web Hosting Discussion > latest bug in open ssh client
forgot password?



Reply


Old
  Post #1 (permalink)   02-19-2017, 07:38 AM
HD Newbie
 
Join Date: Feb 2017
Location: Oman
Posts: 40

Status: hostgliders is offline
If you are using openssh client please listen;

A serious bug has been identified in the OpenSSH CLIENT that could lead to serious security breachs.

++++++++++++++++++++++++

To fix

Add the option ‘UseRoaming no’ to your /etc/ssh/ssh_config file or start your ssh client with -oUseRoaming=no included on the ssh command line.
ie, echo ‘UseRoaming no’ >> /etc/ssh/ssh_config


or

sudo sh -c ‘echo UseRoaming \”no\” >> /etc/ssh/ssh_config’

It’s being reported that it effects only on Centos 7 servers and they can update OpenSSH using yum.
#yum update openssh


+++++++++++++++++++++++++++++
__________________
Host Gliders
 
 
 


Old
  Post #2 (permalink)   02-20-2017, 09:38 PM
HD Addict
 
Join Date: Aug 2015
Posts: 127

Status: bigredseo is offline
Do you have a link to the security release information?

I did a search on Google but nothing much popped up in the feed for new issues. Some info on issues back in January 2016, but I didn't see much recently.
__________________
Conor Treacy
Big Red SEO - Omaha, NE
ConorTreacy.com <- That's Me! ;)
 
 
 


Old
  Post #3 (permalink)   02-20-2017, 10:31 PM
HD Newbie
 
Join Date: Mar 2016
Posts: 36

Status: praveenk is offline
Please check following bug, I hope it will help.

https://bugzilla.redhat.com/show_bug...=CVE-2016-0777
__________________
ktchost.com - Reliable Web Hosting Provider
E-commerce Ready Hosting | Pure SSD Cloud/VPS | Offshore Dedicated Server
24/7 Reliable Tech Support | Monitoring Service | R1Soft Backup
 
 
 


Old
  Post #4 (permalink)   02-20-2017, 11:54 PM
HD Addict
 
Join Date: Sep 2014
Location: India
Posts: 238
Send a message via Skype™ to 24x7server

Status: 24x7server is offline
Hi,

---------------- ----------------
rpm -qa | grep openssh
rpm -q <result from above> --changelog | grep CVE-2016-0777
---------------- ----------------

You can check if the patch is applied or not through the above commands..
__________________
www.24x7servermanagement.com
Server Management, Server Security, Server Monitoring.
Network Monitoring Team !! Skype: techs24x7
 
 
 


Old
  Post #5 (permalink)   02-23-2017, 05:43 PM
HD Addict
 
Join Date: Aug 2015
Posts: 127

Status: bigredseo is offline
That's certainly one that I had seen, however if you check the dates on that bug, it's from January 2016 and was patched at that time.

The OP made it sound like there was a NEW bug that was out there, but I guess they were just padding their posting score.

Nothing to see here - please move along.
__________________
Conor Treacy
Big Red SEO - Omaha, NE
ConorTreacy.com <- That's Me! ;)
 
 
 
Reply

Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: