Alice Wonder wrote:
> On 01/15/2016 06:39 AM, Johnny Hughes wrote:
>> On 01/14/2016 10:20 AM, Michael H wrote:
>>> Probably worth a read...
>>>
>>> http://www.openssh.com/txt/release-7.1p2
>>>
>>>> Important SSH patch coming soon. For now, everyone on all operating
>>>> systems, please do the following:
>>>>
>>>> Add undocumented "UseRoaming no" to ssh_config or use
>>>> "-oUseRoaming=no"
>>>> to prevent upcoming #openssh client bug CVE-2016-0777. More later.
>>>
>>> echo "UseRoaming no" >> /etc/ssh/ssh_config
>>
>> For the record, this update is now released (it was yesterday):
>>
>> https://lists.centos.org/pipermail/centos-announce/2016-January/021614.html
>>
>> This contains a patch that disables roaming:
>> https://git.centos.org/commitdiff/rpms!openssh.git/1edce7e6bfedb27a163f35bcacab620a703408ac
>
> Yes, thank you, I saw it yesterday in my e-mail from yum.
>
> I am not happy that this bug existed, undocumented features enabled by
> default are not a good thing.

Complete agreement.

>
> However that this bug was found demonstrates a success of the Open
> Source philosophy. I don't know this would have been found in a closed
> source SSH implementation.
>
> Open Source works.
>

Yup. Certain closed-source coMpanie$ would be saying "what problem,
there's no problem here, pay your money and move along...."

       mark
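An added example, not part of the thread above: ssh_config uses the first value obtained for each option, and a line appended with `>>` falls under whatever Host or Match block comes last in the file, so this check reports whether "UseRoaming no" really covers every host. The status names and the sample host build01 are constructed for illustration; only a Host list of exactly `*` or `Match all` is treated as covering all hosts.

```shell
#!/bin/sh
# roaming_status FILE prints how FILE treats UseRoaming:
#   global-no     "UseRoaming no" applies to every host
#   scoped-no     "UseRoaming no" only sits inside a specific Host/Match block
#   not-disabled  no "UseRoaming no", or an earlier "UseRoaming yes" may win
roaming_status() {
    awk '
    BEGIN { scope = "all" }                        # options before any Host are global
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        if (line == "" || line ~ /^#/) next        # blank lines and comments
        sub(/[ \t]*=[ \t]*/, " ", line)            # "Key=value" equals "Key value"
        gsub(/"/, "", line)                        # arguments may be quoted
        n = split(line, f, /[ \t]+/)
        key = tolower(f[1])                        # keywords are case-insensitive
        if (key == "host")
            scope = (n == 2 && f[2] == "*") ? "all" : "scoped"
        else if (key == "match")
            scope = (n == 2 && tolower(f[2]) == "all") ? "all" : "scoped"
        else if (key == "useroaming" && !done) {
            val = tolower(f[2])
            if (val == "yes") { yes = 1; if (scope == "all") done = 1 }
            else if (val == "no" && scope == "all") { if (!yes) global = 1; done = 1 }
            else if (val == "no") scoped = 1
        }
    }
    END {
        if (global) print "global-no"
        else if (scoped && !yes) print "scoped-no"
        else print "not-disabled"
    }' "$1"
}

# Constructed sample: the appended line lands inside the last Host block.
demo_cfg=$(mktemp)
printf '%s\n' 'Host build01' '    User deploy' > "$demo_cfg"
echo "UseRoaming no" >> "$demo_cfg"
echo "appended after Host build01: $(roaming_status "$demo_cfg")"
rm -f "$demo_cfg"
```

Run it against /etc/ssh/ssh_config and each user's ~/.ssh/config; a result other than global-no means the option should be moved above the first Host line or under `Host *`.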