Critical Vulnerability Information 001: SECURITY FIX (August 30, 2015) - A logic error in PermitRootLogin causes "prohibit-password" to be insecure. - Use "no" or apply the patch. 004: SECURITY FIX (October 1, 2015) - Fixed multiple reliability and security issues in : - Local and remote users could cause to crash or stop service. - A buffer overflow could allow local users to cause crashes or potentially execute arbitrary code. - A use-after-free vulnerability could allow remote attackers to cause crashes or execute arbitrary code. 010: SECURITY FIX (January 14, 2016) - Experimental roaming code in ssh client could be tricked by malicious sshd servers, leading to key material leakage. - Add in to prevent this issue. 011: SECURITY FIX (March 10, 2016) - Inadequate credential cleanup allows command injection into . - Disable the default-disabled "X11Forwarding" feature to prevent this issue. 013: SECURITY FIX (May 3, 2016) - Fixed issues in , including memory corruption, padding oracle, heap overflow, etc. 014: SECURITY FIX (May 17, 2016) - Insufficient checks in during V4L2 ioctl handling lead to kernel memory leakage. 020: SECURITY FIX (July 14, 2016) - extension may overcommit resources and cause system crashes. 027: SECURITY FIX (August 6, 2016) - Perl module loading fails if not found in current working directory; refer to announcement.