A buffer-overflow was found in the way OpenSSH client handled roaming connections. This buffer overflow, is present in the default configuration of the OpenSSH client but its exploitation requires two non-default options: a ProxyCommand, and either ForwardAgent (-A) or ForwardX11 (-X). This buffer-overflow is not exploitable in the default configuration of OpenSSH package shipped with Red Hat Enterprise Linux.
Acknowledgements: Red Hat would like to thank Qualys for reporting this issue.
Created openssh tracking bugs for this issue: Affects: fedora-all [bug 1298630]
Public now via upstream release 7.1p2: http://www.openssh.com/txt/release-7.1p2
A detailed analysis of this issue was published by Qualys at: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
External References: http://www.openssh.com/txt/release-7.1p2 https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:0043 https://rhn.redhat.com/errata/RHSA-2016-0043.html
Created gsi-openssh tracking bugs for this issue: Affects: fedora-all [bug 1298817] Affects: epel-7 [bug 1298818]
gsi-openssh-7.1p2-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
gsi-openssh-6.9p1-7.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
gsi-openssh-6.6.1p1-3.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.