Portable OpenSSH 7.2p2 has just been released. It will be available from the mirrors listed at www.openssh.com shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time.
This release fixes a security bug:
- sshd(8): sanitise X11 authentication credentials to avoid xauth command injection when X11Forwarding is enabled.
Full details of the vulnerability are available at: http://www.openssh.com/txt/x11fwd.adv