SUSE SLED12 Security Update : libssh (SUSE-SU-2016:0625-1)

This update for libssh fixes the following issues : - CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically...

SUSE SLED11 Security Update : libssh (SUSE-SU-2016:0622-1)

This update for libssh fixes the following issues : - CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically...

Fedora 23 : libssh-0.7.3-1.fc23 (2016-d9f950c779)

Fix CVE-2016-0739 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Networ...

SUSE-SU-2016:0625-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875...

SUSE-SU-2016:0622-1 Security update for libssh

This update for libssh fixes the following issues: CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875...

Slackware 14.0 / 14.1 / current : libssh (SSA:2016-057-01)

New libssh packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-057-01. The text itself is copyright C...

[SECURITY] Fedora 23 Update: libssh-0.7.3-1.fc23

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

[slackware-security] libssh

New libssh packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/libssh-0.7.3-i486-1slack14.1.txz: Upgraded. Fixed weak key generation. Due to a bug in the ephemeral secret key generation for...

Mageia: Security Advisory (MGASA-2016-0082)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated libssh packages fix CVE-2016-0739

Updated libssh packages fix security vulnerability: libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the...

MGASA-2016-0082 Updated libssh packages fix CVE-2016-0739

Updated libssh packages fix security vulnerability: libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the...

Debian DLA-425-1 : libssh security update

Aris Adamantiadis of the libssh team discovered that libssh, an SSH2 protocol implementation used by many applications, did not generate sufficiently long Diffie-Hellman secrets. This vulnerability could be exploited by an eavesdropper to decrypt and to intercept SSH sessions. For the oldoldstabl...

Debian DSA-3488-1 : libssh - security update

Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively...

Ubuntu 14.04 LTS : libssh vulnerabilities (USN-2912-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2912-1 advisory. Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash,...

Ubuntu: Security Advisory (USN-2912-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 3488-1] libssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3488-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 23, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3488-1] libssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3488-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 23, 2016 https://www.debian.org/security/faq -...

CVE-2016-0739

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the 1 diffie-hellman-group1 and 2 diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes...

UBUNTU-CVE-2016-0739

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the 1 diffie-hellman-group1 and 2 diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes...

USN-2912-1: libssh vulnerabilities

Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. CVE-2015-3146 Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits...