RHEL 7 : libssh (RHSA-2016:0566)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0566 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: A type confusion...

Moderate: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

libssh: bits/bytes confusion resulting in truncated Difffie-Hellman secret length

A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters...

openSUSE Security Update : libssh (openSUSE-2016-394)

This update for libssh fixes the following issues : - CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875 This fix was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in th...

Fedora 22 : libssh-0.7.3-1.fc22 (2016-dc9e8da03c)

Fix CVE-2016-0739 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Networ...

openSUSE Security Update : libssh (openSUSE-2016-328)

This update for libssh fixes the following issues : - CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875 This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

[SECURITY] Fedora 22 Update: libssh-0.7.3-1.fc22

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

Debian Security Advisory DSA 3488-1 (libssh - security update)

Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively...

Debian: Security Advisory (DSA-3488-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : libssh -- weak Diffie-Hellman secret generation (6b3591ea-e2d2-11e5-a6be-5453ed2e2b49)

Andreas Schneider reports : libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 102...

SUSE SLED12 Security Update : libssh (SUSE-SU-2016:0625-1)

This update for libssh fixes the following issues : - CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically...

Fedora 23 : libssh-0.7.3-1.fc23 (2016-d9f950c779)

Fix CVE-2016-0739 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Networ...

SUSE SLED11 Security Update : libssh (SUSE-SU-2016:0622-1)

This update for libssh fixes the following issues : - CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically...

SUSE-SU-2016:0625-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875...

SUSE-SU-2016:0622-1 Security update for libssh

This update for libssh fixes the following issues: CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875...

Slackware 14.0 / 14.1 / current : libssh (SSA:2016-057-01)

New libssh packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-057-01. The text itself is copyright C...

[SECURITY] Fedora 23 Update: libssh-0.7.3-1.fc23

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

[slackware-security] libssh

New libssh packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/libssh-0.7.3-i486-1slack14.1.txz: Upgraded. Fixed weak key generation. Due to a bug in the ephemeral secret key generation for...

Mageia: Security Advisory (MGASA-2016-0082)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated libssh packages fix CVE-2016-0739

Updated libssh packages fix security vulnerability: libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the...