Info on the specific CVE and Centrify's plan to address.
Question: Is the SSH client bundled with Centrify-enabled OpenSSH affected by vulnerability CVE-2020-15778 and if so how is it being addressed?
Answer: Yes. A security vulnerability exists in the OpenSSH versions currently used in the Centrify OpenSSH package. The National Institute of Standards and Technology (NIST) has given this vulnerability a base score of 7.8 (High).
This will delay us from making a release that addresses this issue. We are considering our alternatives and we need more time given there is no readily available "fix" from OpenSSH. Until then, the current Centrify OpenSSH package (5.7.0) may be used with caution, or in the interim, use rsync as an alternative.