Users who choose to enable X11Forwarding in OpenSSH, or those who use software products that re-enable it, should pay close attention to last Wednesday’s OpenSSH security update. The latest version of the open source implementation of the SSH protocol patches a flaw that exposes it to command injection attacks. The open source project cautions that OpenSSH...

OpenSSH on Friday dropped a patch for a vulnerability that could expose files to theft and manipulation. The flaw affects all versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled, the OpenSSH project said in its advisory. Unpatched versions of OpenSSH don’t properly sanitize input and can be abused to inject commands to xauth. “Injection...