untrusted comment: signature from openbsd 5.7 base secret key
RWSvUZXnw9gUb3Vs1F4qjsTjbNnrgMAi2bE71NQ9TArEK+zdpKcJAbiNickc0kd2YVETE4wx4/FS6l6NdUmKWwQ9juK7EF3DLwE=

OpenBSD 5.7 errata 22, Jan 14, 2016:

Experimental roaming code in the ssh client could be tricked by a
hostile sshd server, potentially leaking key material.
CVE-2016-0777 and CVE-0216-0778.
Prevent this problem immediately by adding the line "UseRoaming no" to
/etc/ssh/ssh_config.

Apply by doing:
   signify -Vep /etc/signify/openbsd-57-base.pub -x 022_ssh.patch.sig \
       -m - | (cd /usr/src && patch -p0)

And then rebuild and install sshd:
   cd /usr/src/usr.bin/ssh
   make obj
   make depend
   make
   make install

Index: usr.bin/ssh/readconf.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
retrieving revision 1.232
diff -u -p -r1.232 readconf.c
--- usr.bin/ssh/readconf.c      16 Feb 2015 22:13:32 -0000      1.232
+++ usr.bin/ssh/readconf.c      13 Jan 2016 23:16:03 -0000
@@ -1648,7 +1648,7 @@ initialize_options(Options * options)
       options->tun_remote = -1;
       options->local_command = NULL;
       options->permit_local_command = -1;
-       options->use_roaming = -1;
+       options->use_roaming = 0;
       options->visual_host_key = -1;
       options->ip_qos_interactive = -1;
       options->ip_qos_bulk = -1;
@@ -1821,8 +1821,7 @@ fill_default_options(Options * options)
               options->tun_remote = SSH_TUNID_ANY;
       if (options->permit_local_command == -1)
               options->permit_local_command = 0;
-       if (options->use_roaming == -1)
-               options->use_roaming = 1;
+       options->use_roaming = 0;
       if (options->visual_host_key == -1)
               options->visual_host_key = 0;
       if (options->ip_qos_interactive == -1)
Index: usr.bin/ssh/ssh.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
retrieving revision 1.416
diff -u -p -r1.416 ssh.c
--- usr.bin/ssh/ssh.c   3 Mar 2015 06:48:58 -0000       1.416
+++ usr.bin/ssh/ssh.c   13 Jan 2016 23:16:03 -0000
@@ -1879,9 +1879,6 @@ ssh_session2(void)
                       fork_postauth();
       }

-       if (options.use_roaming)
-               request_roaming();
-
       return client_loop(tty_flag, tty_flag ?
           options.escape_char : SSH_ESCAPECHAR_NONE, id);
}

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.