CVE-2016-10011 log

Severity Low
Remote No
Type Information disclosure
It was found that there is a theoretical leak of host private key material to privilege-separated child processes via realloc() when reading keys. No such leak was observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users.
Group Package Affected Fixed Severity Status Ticket
AVG-110 openssh 7.3p1-2 7.4p1-1 Medium Fixed
Date Advisory Group Package Severity Type
22 Dec 2016 ASA-201612-20 AVG-110 openssh Medium multiple issues