USN-2912-1 libssh vulnerabilities

Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. CVE-2015-3146 Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits...

[SECURITY] [DLA 425-1] libssh security update

Package : libssh Version : 0.4.5-3+squeeze3 CVE ID : CVE-2016-0739 Aris Adamantiadis of the libssh team discovered that libssh, an SSH2 protocol implementation used by many applications, did not generate sufficiently long Diffie-Hellman secrets. This vulnerability could be...

DLA-425-1 libssh - security update

Bulletin has no description...

libssh: man-in-the-middle

libssh versions 0.1 and above have a bits/bytes confusion bug and generate the an anormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits...

DSA-3488-1 libssh - security update

Bulletin has no description...

libssh -- weak Diffie-Hellman secret generation

Andreas Schneider reports: libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024...

SUSE SLED12 Security Update : libssh (SUSE-SU-2015:1707-2)

The encryption library libssh was updated to fix one security issue. The following vulnerability was fixed : - CVE-2015-3146: Unauthenticated remote attackers could crash the server or client with specially crafted packages. Note that Tenable Network Security has extracted the preceding descripti...

SUSE-SU-2015:1707-1 Security update for libssh

The encryption library libssh was updated to fix one security issue. The following vulnerability was fixed: CVE-2015-3146: Unauthenticated remote attackers could crash the server or client with specially crafted packages...

SUSE-SU-2015:1707-2 Security update for libssh

The encryption library libssh was updated to fix one security issue. The following vulnerability was fixed: CVE-2015-3146: Unauthenticated remote attackers could crash the server or client with specially crafted packages...

Gentoo Security Advisory GLSA 201402-26

Gentoo Linux Local Security Checks GLSA 201402-26 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Gentoo Security Advisory GLSA 201408-03

Gentoo Linux Local Security Checks GLSA 201408-03 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Fedora 22 : libssh-0.7.1-1.fc22 (2015-10962)

Update to version 0.7.1 Add patch to fix undefined symbol: sshforwardlisten bug 1221310 Update to version 0.7.0 Security fix for CVE-2015-3146 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

Fedora Update for libssh FEDORA-2015-10962

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security fix for the ALT Linux 9 package libssh version 0.6.5-alt1

June 17, 2015 Sergey V Turchin 0.6.5-alt1 - new version - security fix: CVE-2015-3146...

Security fix for the ALT Linux 7 package libssh version 0.6.5-alt1

June 17, 2015 Sergey V Turchin 0.6.5-alt1 - new version - security fix: CVE-2015-3146...

Security fix for the ALT Linux 8 package libssh version 0.6.5-alt1

June 17, 2015 Sergey V Turchin 0.6.5-alt1 - new version - security fix: CVE-2015-3146...

Fedora Update for libssh FEDORA-2015-7590

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED12 Security Update : libssh (SUSE-SU-2014:1731-1)

This libssh update fixes the following security issue : - bsc910790: Double free on dangling pointers in initial key exchange packet CVE-2014-8132. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...

Fedora 21 : libssh-0.6.5-1.fc21 (2015-7590)

Security fix for CVE-2015-3146 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

openSUSE Security Update : libssh (openSUSE-2015-355)

libssh was updated to fix one security issue. The following vulnerability was fixed : - CVE-2015-3146: Specially crafted packages inserted into a connection could have lead to a client or server process crash via a NULL pointer dereference. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...