CentOS ProjectCESA-2016:0428libssh2 security update
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
77.2%
CentOS Errata and Security Advisory CESA-2016:0428
The libssh2 packages provide a library that implements the SSHv2 protocol.
A type confusion issue was found in the way libssh2 generated ephemeral
secrets for the diffie-hellman-group1 and diffie-hellman-group14 key
exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use
significantly less secure random parameters. (CVE-2016-0787)
Red Hat would like to thank Aris Adamantiadis for reporting this issue.
All libssh2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing these
updated packages, all running applications using libssh2 must be restarted
for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-March/083888.html
https://lists.centos.org/pipermail/centos-announce/2016-March/083889.html
Affected packages:
libssh2
libssh2-devel
libssh2-docs
Upstream details at:
https://access.redhat.com/errata/RHSA-2016:0428
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 6 | i686 | libssh2 | < 1.4.2-2.el6_7.1 | libssh2-1.4.2-2.el6_7.1.i686.rpm |
| CentOS | 6 | i686 | libssh2-devel | < 1.4.2-2.el6_7.1 | libssh2-devel-1.4.2-2.el6_7.1.i686.rpm |
| CentOS | 6 | i686 | libssh2-docs | < 1.4.2-2.el6_7.1 | libssh2-docs-1.4.2-2.el6_7.1.i686.rpm |
| CentOS | 6 | i686 | libssh2 | < 1.4.2-2.el6_7.1 | libssh2-1.4.2-2.el6_7.1.i686.rpm |
| CentOS | 6 | x86_64 | libssh2 | < 1.4.2-2.el6_7.1 | libssh2-1.4.2-2.el6_7.1.x86_64.rpm |
| CentOS | 6 | i686 | libssh2-devel | < 1.4.2-2.el6_7.1 | libssh2-devel-1.4.2-2.el6_7.1.i686.rpm |
| CentOS | 6 | x86_64 | libssh2-devel | < 1.4.2-2.el6_7.1 | libssh2-devel-1.4.2-2.el6_7.1.x86_64.rpm |
| CentOS | 6 | x86_64 | libssh2-docs | < 1.4.2-2.el6_7.1 | libssh2-docs-1.4.2-2.el6_7.1.x86_64.rpm |
| CentOS | 7 | i686 | libssh2 | < 1.4.3-10.el7_2.1 | libssh2-1.4.3-10.el7_2.1.i686.rpm |
| CentOS | 7 | x86_64 | libssh2 | < 1.4.3-10.el7_2.1 | libssh2-1.4.3-10.el7_2.1.x86_64.rpm |
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
77.2%