Summary
=======

A critical client-side SSH vulnerability has been discovered, and a patched upstream version has been released as 7.1p2. We strongly advise using the following workaround until the upcoming release is rolled out in Arch Linux. This vulnerability is being tracked as CVE-2016-0777.

Workaround
==========

Add the undocumented option "UseRoaming no" to ssh_config, or use "-oUseRoaming=no", to work around the issue.

References
==========

https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034680.html
https://www.marc.info/?l=openbsd-tech&m=145278077820529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
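
One way to check that the workaround above is in effect, as an added example that is not part of the original advisory: a shell function that reads an ssh_config file and reports whether "UseRoaming no" applies to every host. The name roaming_status and the sample config are constructed for illustration; the function assumes ssh_config's rule that the first obtained value wins, and it does not follow Include directives.

```shell
#!/bin/sh
# Added example (not from the advisory). Prints the UseRoaming state that an
# ssh_config file gives to all hosts; returns 0 only for "disabled".
#   disabled: first value in global scope (top of file, "Host *", "Match all") is "no"
#   enabled:  first value in global scope is something else
#   unset:    no UseRoaming in global scope
#   override: a host-specific block sets "yes" before the global "no"
roaming_status() {
    awk '
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || $0 ~ /^#/) next
        # Keywords are case-insensitive; the argument follows whitespace
        # or optional whitespace and a single "=".
        if (!match($0, /^[A-Za-z]+/)) next
        key = tolower(substr($0, 1, RLENGTH))
        arg = substr($0, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", arg); gsub(/"/, "", arg)
        if (key == "host")  { scope = (arg == "*") ? "all" : "host"; next }
        if (key == "match") { scope = (tolower(arg) == "all") ? "all" : "host"; next }
        if (key != "useroaming") next
        val = tolower(arg)
        # ssh uses the first value it obtains, so order matters.
        if (scope == "host") { if (val == "yes" && result == "") early = 1; next }
        if (result == "") result = (val == "no") ? "disabled" : "enabled"
    }
    END {
        if (result == "") result = "unset"
        if (result == "disabled" && early) result = "override"
        print result
        exit (result == "disabled" ? 0 : 1)
    }' "$1"
}

# Constructed sample config with the catch-all block last.
sample=$(mktemp)
printf 'Host build\n  User ci\nHost *\n  UseRoaming no\n' > "$sample"
echo "sample: $(roaming_status "$sample")"
rm -f "$sample"
```

Run it against both /etc/ssh/ssh_config and ~/.ssh/config; anything other than "disabled" means the workaround does not cover every connection made with that file.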
