Medium: libssh2

Issue Overview: A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. Affected Packages:...

libssh2 Security Bypass Vulnerability

libssh2 is a client-side C library for implementing the SSH2 protocol. A security vulnerability exists in libssh2 that allows remote attackers to exploit vulnerabilities and cause the SSHv2 Diffie-Hellman handshake to use insecure random parameters...

Scientific Linux Security Update : libssh2 on SL6.x, SL7.x i386/x86_64 (20160310)

A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. CVE-2016-0787 After installing thes...

Oracle Linux 6 / 7 : libssh2 (ELSA-2016-0428)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-0428 advisory. - use secrects of the appropriate length in Diffie-Hellman CVE-2016-0787 Tenable has extracted the preceding description block directly from the Oracle Linu...

OracleVM 3.3 / 3.4 : libssh2 (OVMSA-2016-0035)

The remote OracleVM system is missing necessary patches to address critical security updates : - use secrects of the appropriate length in Diffie-Hellman CVE-2016-0787 - fix basic functionality of libssh2 in FIPS mode 968575 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks ...

CentOS 6 / 7 : libssh2 (CESA-2016:0428)

Updated libssh2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

CentOS Update for libssh2 CESA-2016:0428 centos6

Check the version of libssh2 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882417";...

CentOS Update for libssh2 CESA-2016:0428 centos7

Check the version of libssh2 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882419";...

RedHat Update for libssh2 RHSA-2016:0428-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle: Security Advisory (ELSA-2016-0428)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libssh2 security update

CentOS Errata and Security Advisory CESA-2016:0428 Updated libssh2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score,...

libssh2: bits/bytes confusion resulting in truncated Diffie-Hellman secret length

A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters...

Moderate: Red Hat Security Advisory: libssh2 security update

Updated libssh2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

libssh2 security update

1.4.2-2.el67.1 - use secrects of the appropriate length in Diffie-Hellman CVE-2016-0787 1.4.2-2 - fix basic functionality of libssh2 in FIPS mode 968575...

Fedora 22 : libssh2-1.5.0-2.fc22 (2016-7942ee2cc5)

During the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffle Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than...

RHEL 6 / 7 : libssh2 (RHSA-2016:0428)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0428 advisory. The libssh2 packages provide a library that implements the SSHv2 protocol. A type confusion issue was found in the way libssh2 generated ephemera...

Fedora Update for libssh2 FEDORA-2016-7942

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 3487-1 (libssh2 - security update)

Andreas Schneider reported that libssh2, a SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for group order in the Diffie-Hellman negotiation. This weakens significantly the handshake...

Debian: Security Advisory (DSA-3487-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 23 : libssh2-1.6.0-4.fc23 (2016-215a2219b1)

During the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffle Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than...