Package : libssh2
Version : 1.2.6-1+deb6u2
CVE ID : CVE-2016-0787
Andreas Schneider reported that libssh2, an SSH2 protocol
implementation used by many applications, did not generate
sufficiently long Diffie-Hellman secrets.
This vulnerability could be exploited by an eavesdropper to decrypt
and to intercept SSH sessions.
For the oldoldstable distribution (squeeze), this has been fixed in
version 1.2.6-1+deb6u2. Although the changelog refers to 'sha256',
this version only supports DH SHA-1 key exchange and it is that key
exchange method that has been fixed.
For the oldstable (wheezy) and stable (jessie) distributions, this
will be fixed soon.
–
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
Attachment:
signature.asc
Description: This is a digitally signed message part
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | amd64 | libssh2-1-dbg | < 1.2.6-1+deb6u2 | libssh2-1-dbg_1.2.6-1+deb6u2_amd64.deb |
Debian | 6 | i386 | libssh2-1 | < 1.2.6-1+deb6u2 | libssh2-1_1.2.6-1+deb6u2_i386.deb |
Debian | 6 | all | libssh2 | < 1.2.6-1+deb6u2 | libssh2_1.2.6-1+deb6u2_all.deb |
Debian | 6 | amd64 | libssh2-1-dev | < 1.2.6-1+deb6u2 | libssh2-1-dev_1.2.6-1+deb6u2_amd64.deb |
Debian | 6 | i386 | libssh2-1-dev | < 1.2.6-1+deb6u2 | libssh2-1-dev_1.2.6-1+deb6u2_i386.deb |
Debian | 6 | amd64 | libssh2-1 | < 1.2.6-1+deb6u2 | libssh2-1_1.2.6-1+deb6u2_amd64.deb |
Debian | 6 | i386 | libssh2-1-dbg | < 1.2.6-1+deb6u2 | libssh2-1-dbg_1.2.6-1+deb6u2_i386.deb |