libssh2 is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs
CVEID: CVE-2016-0787**
DESCRIPTION:** libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a reduced amount of random bits for Diffie-Hellman. An attacker could exploit this vulnerability using the truncated Diffie-Hellman secret to launch further attacks on the system.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111562 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Power HMC V8.1.0.0
Power HMC V8.2.0.0
Power HMC V8.3.0.0
Power HMC V8.4.0.0
The following fixes are available on IBM Fix Central
Product
|
VRMF
|
APAR
|
Remediation/Fix
—|—|—|—
Power HMC
|
V8.8.1.0 SP3
|
MB04008
|
Power HMC
|
V8.8.2.0 SP2
|
MB04009
|
Power HMC
|
V8.8.3.0 SP2
|
MB04011
|
Power HMC
|
V8.8.4.0 SP1
|
MB04012
|
None