Summary: | <net-libs/libssh2-1.7.0 : Wrong calculation of Diffie Helllman secret length (CVE-2016-0787) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | netmon, tim.h.cyrus |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.libssh2.org/adv_20160223.html | ||
Whiteboard: | A4 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Hanno Böck
2016-02-23 13:20:55 UTC
*** Bug 575484 has been marked as a duplicate of this bug. *** *** Bug 575740 has been marked as a duplicate of this bug. *** Arch teams, please test and mark stable: =net-libs/libssh2-1.7.0 Targeted stable KEYWORDS : alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86 Stable for PPC64. Stable for HPPA. amd64 stable Added to existing GLSA. CVE-2016-0787 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0787): A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. arm stable x86 stable Stable on alpha. ppc stable sparc stable ia64 stable stable arches complete. @maintainer, please cleanup the vulnerable versions. Added to existing GLSA. This issue was resolved and addressed in GLSA 201606-12 at https://security.gentoo.org/glsa/201606-12 by GLSA coordinator Aaron Bauman (b-man). |