[Tech ARP] ASUS ZenFone Zoom Offers 3X Optical Zoom & OIS

[news 28]

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512

 

Package : openssh

Version : 5.5p1-6+squeeze8

CVE ID : CVE-2016-0777 CVE-2016-0778

Debian Bug : 810984

 

The Qualys Security team discovered two vulnerabilities in the roaming

code of the OpenSSH client (an implementation of the SSH protocol

suite).

 

SSH roaming enables a client, in case an SSH connection breaks

unexpectedly, to resume it at a later time, provided the server also

supports it.

 

The OpenSSH server doesn't support roaming, but the OpenSSH client

supports it (even though it's not documented) and it's enabled by

default.

 

CVE-2016-0777

 

An information leak (memory disclosure) can be exploited by a rogue

SSH server to trick a client into leaking sensitive data from the

client memory, including for example private keys.

 

 

CVE-2016-0778

 

A buffer overflow (leading to file descriptor leak), can also be

exploited by a rogue SSH server, but due to another bug in the code

is possibly not exploitable, and only under certain conditions (not

the default configuration), when using ProxyCommand, ForwardAgent or

ForwardX11.

 

This security update completely disables the roaming code in the OpenSSH

client.

 

It is also possible to disable roaming by adding the (undocumented)

option 'UseRoaming no' to the global /etc/ssh/ssh_config file, or to the

user configuration in ~/.ssh/config, or by passing -oUseRoaming=no on

the command line.

 

Users with passphrase-less privates keys, especially in non interactive

setups (automated jobs using ssh, scp, rsync+ssh etc.) are advised to

update their keys if they have connected to an SSH server they don't

trust.

 

More details about identifying an attack and mitigations can be found in

the Qualys Security Advisory.

- --

Yves-Alexis Perez

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2

 

iQEcBAEBCgAGBQJWl+3QAAoJEG3bU/KmdcClQSUH/2Wy04Var3CSmL3joTB0sctV

w7oPJTtg5XGS5cHkiXMTk29ksndv42K2j5dBF1XycK9QjrF0afdMP/ifSNcgLLUh

XSjFNp1tIecQr+eHO7MROLBnpZa5M0Petv6Vg5cTs7zWa2m8Gf6Y6qlkYRku/r/P

/wPwO9A+16dWCy2Bxcu/5SOS+W0L5frX+bzb+tBZ2GJZQoTDUtvLgizYmQHRg2k3

iLgrcy6tdmPH4HA7GViC9UlpW8kXQemH4S449q9a4KXzhmNOy1qwG2p0xyoc3McI

cdzDXHveMt+7OU4bF80HAGR/N7MeTIsT7sq7FoI2AL60+BN595K1P4Uz4JnfRpU=

=GJSJ

-----END PGP SIGNATURE-----