OpenSSH – Information-leak vulnerability (CVE-2016-0777)

16. January 2016 Hot News, SysAdmin

Since version 5.4, the OpenSSH client supports an undocumented feature called roaming. If a connection to an SSH server breaks unexpectedly, and if the SSH server supports roaming as well, the client is able to reconnect to the server and resume the interrupted SSH session. The roaming feature is enabled by default in OpenSSH clients, even though no OpenSSH server version implements the roaming feature.

  • RHEL / CentOS 4, 5 and 6 are not affected by this flaw.
  • If you are running RHEL 7 / CentOS 7 with OpenSSH 6.4, update to the latest OpenSSH 6.6 package as soon as possible.
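
Because roaming is on by default in the client, a host audit has to look at both the client version and the client configuration. The script below is an added example, not part of the original article or of OpenSSH: it assumes the `UseRoaming` client option in `ssh_config` (not mentioned in the article) is how roaming gets switched off, the function names are hypothetical, and the banner and config samples are constructed.

```shell
#!/bin/sh
# Added example: audit an OpenSSH client for the roaming feature described above.
# Function names are hypothetical; sample inputs at the bottom are constructed.

# Succeeds when an `ssh -V` banner reports 5.4 or later, the release the
# article names as the first with roaming. It cannot tell whether a vendor
# build has been patched. Real use: roaming_era_client "$(ssh -V 2>&1)"
roaming_era_client() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2            # banner not recognised
    set -- $ver                          # $1 = major, $2 = minor
    [ "$1" -gt 5 ] || { [ "$1" -eq 5 ] && [ "$2" -ge 4 ]; }
}

# Succeeds when an ssh_config file turns roaming off for every host.
# ssh keeps the first value it obtains for an option, so a "no" counts only
# in the global section or under "Host *", and only if no earlier UseRoaming
# line sets another value. A "no" inside a specific Host/Match block is not
# sufficient on its own.
roaming_disabled_everywhere() {
    awk '
        BEGIN { global = 1 }
        {
            line = tolower($0); gsub(/"/, "", line); sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)
        }
        f[1] == "host"  { global = (f[2] == "*" && f[3] == ""); next }
        f[1] == "match" { global = 0; next }
        f[1] == "useroaming" {
            if (f[2] != "no") exit       # enabled (or malformed) first: fail
            if (global) { ok = 1; exit }
        }
        END { exit !ok }
    ' "$1"
}

# Demo on constructed input: a 6.4 client whose config only covers one domain.
cfg=$(mktemp)
printf 'Host *.example.com\n    UseRoaming no\n' > "$cfg"
if roaming_era_client 'OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013' &&
   ! roaming_disabled_everywhere "$cfg"; then
    echo "WARN: client is 5.4 or later and UseRoaming is not disabled for all hosts"
fi
rm -f "$cfg"
```

Run the config check against both the system-wide file and each user's `~/.ssh/config`, since the per-user file is read first.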


Red Hat Article Link
Fixed version details
