Author Topic: [Fix released] Security: OpenSSH client vulnerability workaround (CVE-2016-0777)  (Read 1881 times)

Offline jonathon

  • Core Team
  • *****
  • Posts: 2104
  • Technologist - Teacher - Tea drinker
  • Branch: Unstable
  • Desktop: MATE 1.14
  • GPU Card: Nvidia GTX680M
  • GPU driver: Bumblebee nvidia+intel
  • Kernel: 4.6.0-*-MANJARO x86_64
  • Skill: Advanced
CVE-2016-0777

Summary
=======

A critical client-side SSH vulnerability has been discovered and a
patched upstream version has been released as 7.1p2. We strongly advise using
the following workaround until the upcoming release is rolled out in
Arch Linux.
This vulnerability is being tracked as CVE-2016-0777.

Workaround
==========

Add the undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no"
to work around the issue. For example:

Code:
echo "UseRoaming no" | sudo tee -a /etc/ssh/ssh_config

References
==========
http://undeadly.org/cgi?action=article&sid=20160114142733
https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034680.html
https://www.marc.info/?l=openbsd-tech&m=145278077820529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
« Last Edit: 14. January 2016, 22:06:44 by jonathon »
--
MSI GT70: Core i7-3630QM, 16GB, Nvidia GTX680M, Intel 2230, Manjaro-MATE-amd64-EFI
Lenovo X230: Core i5-3320M, 4GB, Intel HD4000, Intel 6205, Manjaro-MATE-amd64
Dell Studio 1749: Core i5 540, 8GB, ATi HD5650, Intel WLAN, Manjaro-Xfce-amd64
Let's go in the garden; you'll find something waiting.
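
An added check for the workaround above (an example written for this page, not part of the original post or of OpenSSH): ssh_config options belong to the most recent Host or Match section and the first value obtained wins, so a line appended to a file that ends in a Host block only covers that host. The function name roaming_status and the sample host name are assumptions.

```shell
#!/bin/sh
# roaming_status FILE
# Prints how UseRoaming is set for ALL hosts in one ssh_config file:
#   disabled  first applicable setting is "no" in global scope or under "Host *"
#   enabled   a value other than "no" is reached first
#   scoped    "no" appears only inside a specific Host/Match section
#   unset     no UseRoaming line at all (affected clients default to roaming on)
# ~/.ssh/config is read before /etc/ssh/ssh_config, so check both files.
roaming_status() {
    awk '
    BEGIN { global = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        match(line, /^[^ \t=]+/)             # keyword ends at whitespace or "="
        key = tolower(substr(line, 1, RLENGTH))
        val = tolower(substr(line, RLENGTH + 1))
        sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
    }
    key == "host"  { global = (val == "*") }   # a new section changes the scope
    key == "match" { global = (val == "all") }
    key == "useroaming" && result == "" {
        if (val != "no")  result = "enabled"
        else if (global)  result = "disabled"
        else              scoped = 1
    }
    END {
        if (result == "") result = scoped ? "scoped" : "unset"
        print result
    }' "$1"
}

# Constructed sample: the file ends in a Host section, then the workaround
# line is appended, which places it inside that section.
demo=$(mktemp)
printf 'Host build.example\n    User ci\nUseRoaming no\n' > "$demo"
echo "appended after a Host block: $(roaming_status "$demo")"   # scoped
rm -f "$demo"
```

A result of "scoped" or "unset" means the setting should be moved above the first Host or Match line, or passed per connection with -oUseRoaming=no, until the 7.1p2 package is installed.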

Offline scachemaille

  • Held Mitglied
  • *****
  • Posts: 528
  • I'm new. Be nice!
  • Branch: Unstable
  • Desktop: Plasma 5
  • GPU Card: nVidia GT 330M
  • GPU driver: Nouveau
  • Kernel: 4.8_x64
  • Skill: Intermediate
Re: Security: OpenSSH client vulnerability workaround (CVE-2016-0777)
« Reply #1 on: 14. January 2016, 16:43:45 »
I guess the NSA used it a lot  :o
Thanks for the info.
« Last Edit: 14. January 2016, 16:45:47 by scachemaille »

Offline forivall

  • Neuling
  • *
  • Posts: 1
  • Branch: arch
  • Desktop: Gnome 3.8
  • GPU Card: nVidia 560 Ti
  • GPU driver: proprietary blob
  • Kernel: 3.9.2 x86_64
Re: Security: OpenSSH client vulnerability workaround (CVE-2016-0777)
« Reply #2 on: 14. January 2016, 19:48:43 »
Code:
curl -OL http://DELETED/archlinux/core/os/x86_64/openssh-7.1p2-1-x86_64.pkg.tar.xz && sudo pacman -U openssh-7.1p2-1-x86_64.pkg.tar.xz
[mod edit: deleted]
« Last Edit: 14. January 2016, 20:48:44 by jonathon »

Offline jonathon

Re: Security: OpenSSH client vulnerability workaround (CVE-2016-0777)
« Reply #3 on: 14. January 2016, 20:48:14 »
@forivall

I know your post was probably well-intentioned, but installing random (unsigned?) packages from the internet (and over plain HTTP) is ill-advised.

Offline philm

  • Core Team
  • *****
  • Posts: 10671
    • Manjaro Linux
  • Branch: Unstable
  • Desktop: XFCE
  • GPU Card: Geforce GTX 650
  • GPU driver: non-free
  • Kernel: Maintainer - so all ;)
  • Skill: Guru

Offline jonathon

Re: Security: OpenSSH client vulnerability workaround (CVE-2016-0777)
« Reply #5 on: 14. January 2016, 22:06:02 »
Nice! I can see the update starting to appear on my systems as repo mirrors sync. :)
« Last Edit: 14. January 2016, 22:10:54 by jonathon »

Offline scachemaille

Re: Security: OpenSSH client vulnerability workaround (CVE-2016-0777)
« Reply #6 on: 14. January 2016, 22:43:47 »
Nice! I can see the update starting to appear on my systems as repo mirrors sync. :)

Is it a fix or just a build with no network support or things like that?

Offline jonathon

It's the "full" fix as released by the OpenSSH project earlier today, as discussed on http://undeadly.org/cgi?action=article&sid=20160114142733

Offline Lawliet

  • Neuling
  • *
  • Posts: 27
  • Join to the dark side, we have linux
  • Branch: stable
  • Desktop: Xfce
  • GPU Card: AMD Radeon HD 6470M
  • GPU driver: free
  • Kernel: linux41-x64
  • Skill: Novice
Thanks a lot, guys! Actually, the update pops up almost at the same time I was reading the news. Great job  ;)