# OpenSSH: client bug CVE-2016-0777



## shepherdAZ (Jan 14, 2016)

Heads up on what looks like an important OpenSSH issue (all the OpenBSD devs I follow are tweeting):

http://undeadly.org/cgi?action=article&sid=20160114142733&mode=expanded&count=0

Interim workaround:

```
# echo 'UseRoaming no' >> /etc/ssh/ssh_config
```


----------



## local (Jan 14, 2016)

When security patch for FreeBSD will be released ? 

Anybody know ? 

For OpenBSD and Debian are.

Cheers.


----------



## shepherdAZ (Jan 14, 2016)

local said:


> When security patch for FreeBSD will be released ?
> 
> Anybody know ?
> 
> ...



The version of OpenSSH in Ports has been updated (see: https://svnweb.freebsd.org/ports?view=revision&revision=406123), no Security Advisory for base has yet been issued to my knowledge.


----------



## kpa (Jan 15, 2016)

A security advisory was just released:

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:07.openssh.asc


----------



## _martin (Jan 15, 2016)

And some more detailed info about it: https://www.qualys.com/2016/01/14/c...-0778/openssh-cve-2016-0777-cve-2016-0778.txt


----------

