Security Bulletin: OpenSSH client bug (CVE-2016-0777 and CVE-2016-0778)


Aspera software is not affected by a bug that has been found in OpenSSH's client software. A bug in the OpenSSH client has been found to create an exploitable information leak, which could allow malicious servers to steal a client's private keys. This issue only affects OpenSSH clients for versions 5.4 - 7.1.

Specifically, the vulnerability occurs in the roaming feature for OpenSSH client, which is by default turned on. See the link below for more information.

CVEID: CVE-2016-0777


Aspera products use their own embedded SSH clients which are run with no options, and ascp does not make use of OpenSSH configurations.

Therefore, this security issue does NOT AFFECT any Aspera products.


Powered by Zendesk