
RHSA-2016:0043: openssh security update

Severity: 7
CVSS: (AV:N/AC:H/Au:S/C:P/I:P/A:P)
Published: Jan 14, 2016
Added: Jan 18, 2016
Modified: Jul 28, 2025

Description

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.

An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client. (CVE-2016-0777)

A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options. (CVE-2016-0778)

Red Hat would like to thank Qualys for reporting these issues.

All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

Solutions

redhat-upgrade-openssh
redhat-upgrade-openssh-askpass
redhat-upgrade-openssh-clients
redhat-upgrade-openssh-debuginfo
redhat-upgrade-openssh-keycat
redhat-upgrade-openssh-ldap
redhat-upgrade-openssh-server
redhat-upgrade-openssh-server-sysvinit
redhat-upgrade-pam_ssh_agent_auth