OpenSSH security bulletins CVE-2016-0777 & CVE-2016-0778

The OpenSSH project has disclosed two new security issues affecting their OpenSSH client software when connecting to a rogue server.

Affected Products

Coda 1
Coda 2 Terminal and MySQL connections
Transmit 4 (and older versions)

Unaffected Products

Coda 2 file transfers
Code Editor
Transmit for iOS
Prompt
Status Board

Mitigation

Apple will need to release an update to the built-in OpenSSH client software found on Mac OS X. Until then, users can protect themselves by doing the following:

CVE-2016-0777

Open the Terminal application
Type cd ~/.ssh/ and press return
Type open . and press return
Open the file config in TextEdit
At the top of the file add the following line UseRoaming no
Save and close the file

CVE-2016-0778

Disable the use of the following ssh configuration options until the client software is patched:

ProxyCommand
ForwardAgent
ForwardX11

Notice: These options are disabled in a default configuration.

Affected Products

Unaffected Products

Mitigation

CVE-2016-0777

CVE-2016-0778

Your search found these items:

Your search did not match any articles.