Sep 13, 2018

OpenSSH security bug

A newly reported bug affects OpenSSH versions 5.4 through 7.1.  This includes both the OpenBSD-specific and portable versions of OpenSSH. 

This newly revealed bug affects users due to a failed implementation of a feature called roaming, which  was intended to facilitate resuming SSH-connections. 

Although server-side code was never released to support this feature, on the client-side this code was vulnerable to exploitation by a malicious host.  The bug enables a malicious server host to access memory on the client system which could include the ability for the host to access the private client user keys.