Summary: | <net-libs/libssh-0.7.3: Wrong calculation of Diffie Hellman secret length (CVE-2016-0739) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | netmon |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/ | ||
Whiteboard: | A4 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Lars Wendler (Polynomial-C) (RETIRED)
2016-02-23 15:08:50 UTC
*** This bug has been marked as a duplicate of bug 575474 ***

Was actually too quick there, this would affect both libssh and libssh2 so better track it in separate bugs anyways.

I restored keywords for IA64 since I found no evidence that they had been dropped knowingly.

Arch teams, please test and mark stable:
=net-libs/libssh-0.7.3
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA PPC64.

amd64 stable

Added to existing GLSA.

CVE-2016-0739 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0739): A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.

arm stable

x86 stable

Stable on alpha.

ppc stable

sparc stable

ia64 stable. Maintainer(s), please cleanup. Security, please vote.

commit ca3613078e0fe6f913bee37728bbf4dd45860a93
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Sun Mar 20 17:59:29 2016

net-libs/libssh: Security cleanup (bug #575484).

Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

Thanks all.

Removing kde from cc.

This issue was resolved and addressed in GLSA 201606-12 at https://security.gentoo.org/glsa/201606-12 by GLSA coordinator Aaron Bauman (b-man).