Reported by Qualys, the two vulnerabilities let an attacker peek into the memory of a client that’s connecting to a secure server. Among the items that could be sniffed out this way are user keys.
The problem affects OpenSSH versions 5.4 through 7.1. Version 5.4 dates back to 2010, so the problem has lingered for years, unnoticed (or, at least, undisclosed by anyone who did notice).
It stems from an experiment that lets users resume an interrupted connection. The server side of this experiment was never shipped, but the client side remained. That’s the chunk of code that turns out to be exploitable — and it’s turned on by default.
Patches are emerging today for various UNIX-like operating systems. In the meantime, users can skirt the problem by turning off roaming on the SSH client; instructions for doing so can be found here.
The vulnerabilities have been assigned the formal names of CVE-2016-0777 and CVE-2016-0778.
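A way to audit the workaround described above, as an added example that is not part of the original article. It assumes the client setting is `UseRoaming` (the option name from OpenSSH's advisory, which the article does not spell out) and that you feed it the text of an `ssh_config` file and the banner printed by `ssh -V`; the sample configs are constructed.

```python
import re

# Affected client range as stated in the article: OpenSSH 5.4 through 7.1.
AFFECTED = ((5, 4), (7, 1))

def in_affected_range(banner):
    """Check an `ssh -V` banner against the article's version range.
    A vendor-patched build can still report a version inside the range,
    so treat a hit as "needs review", not as proof of exposure."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return bool(m) and AFFECTED[0] <= (int(m[1]), int(m[2])) <= AFFECTED[1]

def roaming_disabled_for_all_hosts(config_text):
    """True only if `UseRoaming no` is the value every host will get.
    ssh uses the first value it obtains for a keyword, so a `yes` seen
    before the catch-all `no` leaves some hosts with roaming enabled."""
    applies_to_all = True  # lines before the first Host/Match are global
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts "Keyword value" and "Keyword=value"
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "host":
            applies_to_all = value.split() == ["*"]
        elif key == "match":
            applies_to_all = False  # conservative: treat Match as narrower
        elif key == "useroaming":
            if value.lower() != "no":
                return False
            if applies_to_all:
                return True
    return False  # never set: the client default (roaming on) applies

# Constructed sample configs, not taken from any real host.
HARDENED = "Host *\n    UseRoaming no\n"
SHADOWED = "Host bastion\n    UseRoaming yes\n\nHost *\n    UseRoaming no\n"

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("shadowed", SHADOWED), ("empty", "")):
        print(name, roaming_disabled_for_all_hosts(cfg))
    print(in_affected_range("OpenSSH_6.6.1p1, OpenSSL 1.0.1f 6 Jan 2014"))
```

The function audits one file at a time; because the per-user file is read before the system-wide one, check `~/.ssh/config` as well as `/etc/ssh/ssh_config`.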