[CentOS] Fwd: Heads up: OpenSSH users

Fri Jan 15 14:48:57 UTC 2016
Alice Wonder <alice at domblogger.net>

On 01/15/2016 06:39 AM, Johnny Hughes wrote:
> On 01/14/2016 10:20 AM, Michael H wrote:
>> Probably worth a read...
>> http://www.openssh.com/txt/release-7.1p2
>>> Important SSH patch coming soon.  For now, everyone on all operating
>>> systems, please do the following:
>>> Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no"
>>> to prevent upcoming #openssh client bug CVE-2016-0777. More later.
>> echo "UseRoaming no" >> /etc/ssh/ssh_config
> For the record, this update is now released (it was yesterday):
> https://lists.centos.org/pipermail/centos-announce/2016-January/021614.html
> This contains a patch that disables roaming:
> https://git.centos.org/commitdiff/rpms!openssh.git/1edce7e6bfedb27a163f35bcacab620a703408ac

Yes, thank you, I saw it yesterday in my e-mail from yum.

I am not happy that this bug existed, undocumented features enabled by 
default are not a good thing.

However that this bug was found demonstrates a success of the Open 
Source philosophy. I don't know this would have been found in a closed 
source SSH implementation.

Open Source works.