OpenSSH: Client Information leak from use of roaming connection feature (CVE-2016-0777)

An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client.

How to fix the issue

Upgrade the openssh packages to the latest version. You can find the details below:

For Debian:-

You can check this link for more details:- 

For Ubuntu:- 

You can check this link for more details:-

For Manual fixes or Mitigation:-

On Linux

<code>echo 'UseRoaming no' | sudo tee -a /etc/ssh/ssh_config</code>

On Mac OSX

<code>echo "UseRoaming no" >> ~/.ssh/config</code>
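
In ssh_config, an option that follows a Host or Match line applies only to that block, and ssh uses the first value it obtains for each option, so a line appended to a config file that ends in a host-specific block does not cover other connections. The script below is an added example, not part of the original post: it checks whether roaming is disabled for all hosts and, if not, writes the setting at the top of the file. The function names and the sample config are constructed for illustration.

```shell
# Added example, not from the original post. Function names are hypothetical.

# roaming_off_globally FILE: exit 0 if the first UseRoaming setting that applies
# to every host (before any Host/Match line, or under "Host *") is "no".
# Simplification: quoted arguments are not handled.
roaming_off_globally() {
    [ -f "$1" ] || return 1
    awk '
        BEGIN { global = 1; verdict = 1 }
        {
            line = $0
            gsub(/^[ \t]+|[ \t\r]+$/, "", line)   # trim both ends
            if (line == "" || line ~ /^#/) next   # skip blanks and comments
            sub(/[ \t]*=[ \t]*/, " ", line)       # accept the "Key=value" form
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])                   # keywords are case-insensitive
            if (key == "host")  { global = (n == 2 && f[2] == "*"); next }
            if (key == "match") { global = 0; next }
            if (key == "useroaming" && global) {
                verdict = (tolower(f[2]) == "no") ? 0 : 1
                exit                              # ssh keeps the first value it obtains
            }
        }
        END { exit verdict }
    ' "$1"
}

# disable_roaming FILE: unless roaming is already off globally, write
# "UseRoaming no" as the first line, ahead of every Host/Match block.
disable_roaming() {
    roaming_off_globally "$1" && return 0
    tmp=$(mktemp) || return 1
    { echo 'UseRoaming no'; [ ! -f "$1" ] || cat "$1"; } > "$tmp"
    cat "$tmp" > "$1"; rc=$?   # overwrite in place, keeping owner and mode
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed config: the option was appended after a Host block,
# so it only covers that one host until disable_roaming adds a global line.
demo() {
    cfg=$(mktemp) || return 1
    printf 'Host build.example\n    User ci\nUseRoaming no\n' > "$cfg"
    roaming_off_globally "$cfg" && echo "before: global" || echo "before: host-scoped only"
    disable_roaming "$cfg"
    roaming_off_globally "$cfg" && echo "after: global" || echo "after: still exposed"
    rm -f "$cfg"
}
demo
```

To apply it to a real file, call `disable_roaming ~/.ssh/config` (or run it as root against /etc/ssh/ssh_config).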