OpenSSH is prone to a security weakness that may allow attackers to downgrade the ciphersuite. Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information that may aid in further attacks. Releases prior to OpenSSH 2.9p2 are vulnerable.

Updates are available. Please see the references for more information.

• http://www.kb.cert.org/vuls/id/596827
• http://www.openssh.com
• http://www.securityfocus.com/bid/49473

---

Updated on 2015-03-25