Oracle Linux 6 / 7 : libssh2 (ELSA-2016-0428)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-0428 advisory. - use secrects of the appropriate length in Diffie-Hellman CVE-2016-0787 Tenable has extracted the preceding description block directly from the Oracle Linu...

CentOS Update for libssh2 CESA-2016:0428 centos7

Check the version of libssh2 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882419";...

OracleVM 3.3 / 3.4 : libssh2 (OVMSA-2016-0035)

The remote OracleVM system is missing necessary patches to address critical security updates : - use secrects of the appropriate length in Diffie-Hellman CVE-2016-0787 - fix basic functionality of libssh2 in FIPS mode 968575 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks ...

CentOS 6 / 7 : libssh2 (CESA-2016:0428)

Updated libssh2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

CentOS Update for libssh2 CESA-2016:0428 centos6

Check the version of libssh2 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882417";...

libssh2 security update

CentOS Errata and Security Advisory CESA-2016:0428 Updated libssh2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score,...

Moderate: Red Hat Security Advisory: libssh2 security update

Updated libssh2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

libssh2: bits/bytes confusion resulting in truncated Diffie-Hellman secret length

A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters...

libssh2 security update

1.4.2-2.el67.1 - use secrects of the appropriate length in Diffie-Hellman CVE-2016-0787 1.4.2-2 - fix basic functionality of libssh2 in FIPS mode 968575...

Fedora 22 : libssh2-1.5.0-2.fc22 (2016-7942ee2cc5)

During the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffle Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than...

Fedora Update for libssh2 FEDORA-2016-7942

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 6 / 7 : libssh2 (RHSA-2016:0428)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0428 advisory. The libssh2 packages provide a library that implements the SSHv2 protocol. A type confusion issue was found in the way libssh2 generated ephemera...

Debian Security Advisory DSA 3487-1 (libssh2 - security update)

Andreas Schneider reported that libssh2, a SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for group order in the Diffie-Hellman negotiation. This weakens significantly the handshake...

Debian: Security Advisory (DSA-3487-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 23 : libssh2-1.6.0-4.fc23 (2016-215a2219b1)

During the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffle Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than...

Fedora Update for libssh2 FEDORA-2016-215

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 23 Update: libssh2-1.6.0-4.fc23

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...

lib32-libssh2: man-in-the-middle

There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...

libssh2: man-in-the-middle

There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...

Debian DLA-426-1 : libssh2 security update

Andreas Schneider reported that libssh2, an SSH2 protocol implementation used by many applications, did not generate sufficiently long Diffie-Hellman secrets. This vulnerability could be exploited by an eavesdropper to decrypt and to intercept SSH sessions. For the oldoldstable distribution...