MiracleLinux 4 : libssh2-1.4.2-2.AXS4.1 (AXSA:2016-135:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2016-135:01 advisory. libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20,...

MiracleLinux 7 : libssh2-1.4.3-10.el7.1 (AXSA:2016-132:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2016-132:01 advisory. libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20,...

K21531693: libssh2 vulnerability CVE-2016-0787

Security Advisory Description The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...

Security Bulletin: Vulnerabilities in libssh2 affect Power Hardware Management Console (CVE-2016-0787)

Summary libssh2 is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the...

SUSE: Security Advisory (SUSE-SU-2016:0723-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:0718-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a vulnerability in libssh2 (CVE-2016-0787)

Summary The following vulnerability in libssh2 has been addressed by IBM Integrated Management Module II IMM2. Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the...

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1393)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2016-1005)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libssh2 security update

1.4.2-3.0.1.el610.1 - Orabug: 29909723 Added patch CVE-2019-3862. [email protected] Added Additional length checks to prevent out-of-bounds CVE-2019-3862 1.4.2-3.el610.1 - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes CVE-2019-3863 - fix integer overflow...

Security fix for the ALT Linux 8 package libssh2 version 1.4.3-alt3.M80P.1

1.4.3-alt3.M80P.1 built April 24, 2019 Aleksei Nikiforov in task 227571 April 19, 2019 Aleksei Nikiforov - Fixes: + CVE-2016-0787 Truncated Diffie-Hellman secret length + CVE-2019-3855 Possible integer overflow in transport read allows out-of-bounds write + CVE-2019-3856 Possible integer overflow...

Security Bulletin: Vulnerability in libssh2 affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2016-0787)

Summary Vulnerability in libssh2 affects IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter. Vulnerability Details Summary Vulnerability in libssh2 affects IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware and...

Security Bulletin: libssh2 vulnerability affects IBM Identity Security Governance (CVE-2016-0787)

Summary A libssh2 could provide weaker than expected security vulnerability affects IBM Identity Security Governance Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting i...

Security Bulletin: A vulnerability in libssh2 affects IBM Security Network Protection (CVE-2016-0787)

Summary The libssh2 packages provide a library that implements the SSHv2 protocol. A security vulnerability has been discovered in libssh2 used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2016-0787 DESCRIPTION: libssh2 could provide weaker than expected security, caused...

EulerOS 2.0 SP1 : libssh2 (EulerOS-SA-2016-1005)

According to the version of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchan...

Updated libssh2 packages fix security vulnerability

Andreas Schneider reported that libssh2 passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation. This weakens significantly the handshake security, potentially...

F5 Networks BIG-IP : libssh2 vulnerability (K21531693)

The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a 'bits/bytes confusion bug.' CVE-2016-0787 C Tenable Network...

Tenable SecurityCenter < 5.4.0 Multiple Vulnerabilities (TNS-2016-12)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.4.0. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists in the bundled version of libcurl due to using an insecure pat...

IBM Security Network Protection Multiple Vulnerabilities

IBM Security Network Protection is prone to multiple vulnerabilities. 1. IBM Security Network Protection uses Kerberos krb5 to provide network authentication. The Kerberos krb5 version that is shipped with IBM Security Network Protection contains multiple security vulnerabilities. 2. The libssh2...

SA120 : Truncated Diffie-Hellman Secret Generation in libssh2

SUMMARY Blue Coat products that include affected versions of libssh2 are susceptible to a truncated Diffie-Hellman secret length vulnerability. A remote man-in-the-middle MITM attacker can exploit this vulnerability to intercept SSH connections that originate from Blue Coat products. The MITM...