Security Bulletin: A vulnerability in libssh2 affects PowerKVM (CVE-2016-0787)
Summary: PowerKVM is affected by a vulnerability in libssh2. This vulnerability is now fixed. Vulnerability Details: CVEID: CVE-2016-0787. DESCRIPTION: libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a...
Security Bulletin: A vulnerability in libssh2 affects IBM Security Network Protection (CVE-2016-0787)
Summary: The libssh2 packages provide a library that implements the SSHv2 protocol. A security vulnerability has been discovered in libssh2 used with IBM Security Network Protection. Vulnerability Details: CVEID: CVE-2016-0787. DESCRIPTION: libssh2 could provide weaker than expected security, caused...
EulerOS 2.0 SP1 : libssh2 (EulerOS-SA-2016-1005)
According to the version of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchan...
Updated libssh2 packages fix security vulnerability
Andreas Schneider reported that libssh2 passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation. This weakens significantly the handshake security, potentially...
MGASA-2016-0392 Updated libssh2 packages fix security vulnerability
Andreas Schneider reported that libssh2 passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation. This weakens significantly the handshake security, potentially...
libssh and libssh2: Multiple vulnerabilities
Background: libssh is a multiplatform C library implementing the SSHv2 and SSHv1 protocol on client and server side. Description: libssh and libssh2 both have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key...
Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configure...
Amazon Linux: Security Advisory (ALAS-2016-683)
The remote host is missing an update for the...
Cisco IOS Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability (cisco-sa-20150923-sshpk)
A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to bypass user authentication.
Amazon Linux AMI : libssh2 (ALAS-2016-683)
A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.
Medium: libssh2
Issue Overview: A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. Affected Packages:...
RedHat Update for libssh2 RHSA-2016:0428-01
The remote host is missing an update for the...
Scientific Linux Security Update : libssh2 on SL6.x, SL7.x i386/x86_64 (20160310)
A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. CVE-2016-0787 After installing thes...
CentOS Update for libssh2 CESA-2016:0428 centos6
Check the version of libssh2...
CentOS Update for libssh2 CESA-2016:0428 centos7
Check the version of libssh2...
libssh2 security update
CentOS Errata and Security Advisory CESA-2016:0428. Updated libssh2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...
Moderate: Red Hat Security Advisory: libssh2 security update
Updated libssh2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
RHEL 6 / 7 : libssh2 (RHSA-2016:0428)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0428 advisory. The libssh2 packages provide a library that implements the SSHv2 protocol. A type confusion issue was found in the way libssh2 generated ephemera...
Fedora 22 : libssh2-1.5.0-2.fc22 (2016-7942ee2cc5)
During the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than...
Debian Security Advisory DSA 3487-1 (libssh2 - security update)
Andreas Schneider reported that libssh2, a SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for group order in the Diffie-Hellman negotiation. This weakens significantly the handshake...