It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server, including private client user keys.
{ "binaries": [ { "binary_name": "openssh-client", "binary_version": "1:6.6p1-2ubuntu2.4" }, { "binary_name": "openssh-server", "binary_version": "1:6.6p1-2ubuntu2.4" }, { "binary_name": "openssh-sftp-server", "binary_version": "1:6.6p1-2ubuntu2.4" }, { "binary_name": "ssh", "binary_version": "1:6.6p1-2ubuntu2.4" }, { "binary_name": "ssh-askpass-gnome", "binary_version": "1:6.6p1-2ubuntu2.4" }, { "binary_name": "ssh-krb5", "binary_version": "1:6.6p1-2ubuntu2.4" } ], "availability": "No subscription required" }
{ "ecosystem": "Ubuntu:14.04:LTS", "cves": [ { "id": "CVE-2016-0777", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "high" } ] }, { "id": "CVE-2016-0778", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ] } ] }