Major security update for the OpenSSH client

The CVE-2016-0777 and CVE-2016-0778 security vulnerabilities concern the OpenSSH client (USN-2869-1: OpenSSH vulnerabilities):

It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server, including private client user keys.

So now, besides updating, I have to regenerate my SSH keys and then update a bunch of machines...

One thought on “Major security update for the OpenSSH client”

  1. 路人甲 says:

    "The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers."

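    May I ask why the SSH keys need to be replaced? Is it out of concern that the machines you manage may already have been swapped for a malicious sshd?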
