SecurityFocus 在其网站上公布了一个关于 OpenSSH 的漏洞,信息如下:
OpenSSH CVE-2016-10009 远程执行代码漏洞
Bugtraq ID:94968
Class:Unknown
CVE:CVE-2016-10009
Remote:Yes
Local:No
Published:Dec 19 2016 12:00AM
Updated:Dec 20 2016 01:11PM
Credit:Jann Horn of Project Zero.
易受攻击的版本:
OpenSSH OpenSSH 7.3
OpenSSH OpenSSH 7.2p2
OpenSSH OpenSSH 7.2
OpenSSH OpenSSH 7.1p2
OpenSSH OpenSSH 7.1p1
OpenSSH OpenSSH 7.1
OpenSSH OpenSSH 7.0
OpenSSH OpenSSH 6.9p1
OpenSSH OpenSSH 6.9
OpenSSH OpenSSH 6.6
OpenSSH OpenSSH 6.5
OpenSSH OpenSSH 6.4
OpenSSH OpenSSH 6.3
OpenSSH OpenSSH 6.2
OpenSSH OpenSSH 6.1
OpenSSH OpenSSH 6.0
OpenSSH OpenSSH 5.8
OpenSSH OpenSSH 5.7
OpenSSH OpenSSH 5.6
OpenSSH OpenSSH 5.5
OpenSSH OpenSSH 5.4
OpenSSH OpenSSH 5.3
OpenSSH OpenSSH 5.2
OpenSSH OpenSSH 5.1
OpenSSH OpenSSH 5.0
不易受攻击的版本:OpenSSH OpenSSH 7.4
因此,还是建议升级到最新版的 OpenSSH。