Users who choose to enable X11Forwarding in OpenSSH, or those who use software products that re-enable it, should pay close attention to last Wednesday’s OpenSSH security update. The latest version of the open source implementation of the SSH protocol patches a flaw that exposes it to command injection attacks. The open source project cautions that OpenSSH...

OpenSSH today released a patch for a critical vulnerability that could be exploited by an attacker to force a client to leak private cryptographic keys. The attacker would have to control a malicious server in order to force the client to give up the key, OpenSSH and researchers at Qualys said in separate advisories. Qualys’ security...