CVE-2016-0777

Priority
High
Description
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x,
6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive
information from process memory by requesting transmission of an entire
buffer, as demonstrated by reading a private key.
References
Assigned-to
mdeslaur
Package
Upstream:released (7.1p2)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:5.9p1-5ubuntu1.8)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:6.6p1-2ubuntu2.4)
Ubuntu Touch 15.04:released (1:6.7p1-5ubuntu1.4)
Ubuntu Core 15.04:released (1:6.7p1-5ubuntu1.4)
Ubuntu 15.10 (Wily Werewolf):released (1:6.9p1-2ubuntu0.1)
Ubuntu 16.04 (Xenial Xerus):not-affected (1:7.1p2-2)
More Information

Updated: 2016-03-23 03:42:33 UTC (commit 10817)