Lucene search

K
osvGoogleOSV:DLA-425-1
HistoryFeb 23, 2016 - 12:00 a.m.

libssh - security update

2016-02-2300:00:00
Google
osv.dev
15

EPSS

0.004

Percentile

73.4%

Aris Adamantiadis of the libssh team discovered that libssh, an SSH2
protocol implementation used by many applications, did not generate
sufficiently long Diffie-Hellman secrets.

This vulnerability could be exploited by an eavesdropper to decrypt
and to intercept SSH sessions.

For the oldoldstable distribution (squeeze), this has been fixed in
version 0.4.5-3+squeeze3.

For the oldstable (wheezy) and stable (jessie) distributions, this
will be fixed soon.