Re: Fwd: Heads up: OpenSSH users




Timo Schöler wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 01/14/2016 05:34 PM, m.roth@xxxxxxxxx wrote:
>> Michael H wrote:
>>> Probably worth a read...
>>>
>>> http://www.openssh.com/txt/release-7.1p2
>>>
>>>> Important SSH patch coming soon.  For now, everyone on all
>>>> operating systems, please do the following:
>>>>
>>>> Add undocumented "UseRoaming no" to ssh_config or use
>>>> "-oUseRoaming=no" to prevent upcoming #openssh client bug
>>>> CVE-2016-0777. More later.
>>>
>>> echo "UseRoaming no" >> /etc/ssh/ssh_config
>>
>> Please clarify - will the update add *Roam* to
>> /etc/ssh/ssh_config?
>
> It will fix the bug.
>
>> I've just checked on two systems that are CentOS 7, a server, and
>> a workstation that I literally built yesterday, and grep -i on
>> both reports "no, not here".
>
> Yes, as it's undocumented, but enabled since about 2010. Even OpenBSD
> 5.9 (pre-release, it's going to be released on May 1st, 2016) does not
> mention it.

Undocumented? You're saying that there's a feature that is configurable
via the configuration file, and there's no mention of it at all in the
configuration file, not even the default?

That is more than slightly unacceptable.

        mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
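
The quoted `echo ... >> /etc/ssh/ssh_config` appends to the end of the file, where the line belongs to whichever `Host` or `Match` block comes last. The following is an added example, not part of the thread: it checks whether `UseRoaming no` is in effect in the global section and prepends it if not. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# ssh_config uses the first value obtained for each option, and lines after a
# Host/Match line apply only to that block. A global setting must therefore
# appear before the first Host/Match line.

# Print one of: global-no, global-yes, scoped-only, missing
roaming_status() {
    awk '
        BEGIN { state = "missing"; scoped = 0 }
        /^[ \t]*#/ { next }                       # skip comments
        {
            line = tolower($0)                    # keywords are case-insensitive
            sub(/^[ \t]+/, "", line)
            gsub(/"/, "", line)
            gsub(/[ \t]*=[ \t]*/, " ", line)      # accept "key=value"
            split(line, f, /[ \t]+/)
            if (f[1] == "host" || f[1] == "match") { scoped = 1; next }
            if (f[1] != "useroaming" || state != "missing") next
            if (scoped) state = "scoped-only"
            else state = (f[2] == "no") ? "global-no" : "global-yes"
        }
        END { print state }
    ' "$1"
}

# Prepend "UseRoaming no" unless it is already the effective global value.
# Writing back with cat keeps the owner and mode of the original file.
harden_ssh_config() {
    cfg=$1
    [ "$(roaming_status "$cfg")" = "global-no" ] && return 0
    tmp=$(mktemp) || return 1
    { printf 'UseRoaming no\n'; cat "$cfg"; } > "$tmp" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample: the directive was appended after a Host block, so it
# only applies to connections matching that block.
demo=$(mktemp)
printf 'Host bastion\n    User admin\nUseRoaming no\n' > "$demo"
echo "before: $(roaming_status "$demo")"
harden_ssh_config "$demo"
echo "after:  $(roaming_status "$demo")"
rm -f "$demo"
```

Run `roaming_status` against both `/etc/ssh/ssh_config` and each user's `~/.ssh/config`, since the per-user file is read first.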



