CSOonline

OpenSSH fixes flaws that enable man-in-the-middle, DoS attacks

Researchers from Qualys found two vulnerabilities that can be combined to bypass the server key verification in OpenSSH clients when the VerifyHostKeyDNS is used, allowing man-in-the-middle attackers ...
Hackaday

This Week In Security: OpenSSH, JumbledPath, And RANsacked

OpenSSH has a newly fixed pair of vulnerabilities, and while neither of them are lighting the Internet on fire, these are each fairly important. 1387 int 1388 sshkey_to_base64(const struct sshkey *key ...
heise online

OpenSSH security update: Attackers can hack into connections

The OpenSSH file transfer software can be attacked via two vulnerabilities. Attackers can trick victims into connecting to a server they control. Even if there are currently no reports of attacks, ...