|
|
CVE-2016-0777
An information leak (memory disclosure) can be exploited by a rogue
SSH server to trick a client into leaking sensitive data from the
client memory, including for example private keys.
CVE-2016-0778
A buffer overflow (leading to file descriptor leak), can also be
exploited by a rogue SSH server, but due to another bug in the code
is possibly not exploitable, and only under certain conditions (not
the default configuration), when using ProxyCommand, ForwardAgent or
ForwardX11.
fixes #5017
|
