Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 575474 (CVE-2016-0787) - <net-libs/libssh2-1.7.0 : Wrong calculation of Diffie Helllman secret length (CVE-2016-0787)
Summary: <net-libs/libssh2-1.7.0 : Wrong calculation of Diffie Helllman secret length ...
Alias: CVE-2016-0787
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A4 [glsa cve]
: 575740 (view as bug list)
Depends on:
Reported: 2016-02-23 13:20 UTC by Hanno Böck
Modified: 2016-06-26 13:00 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2016-02-23 13:20:55 UTC
From advisory:
"During the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffle Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than what were intended: 128 or 256 bits instead of 1023 or 2047"

Fix is in libssh 1.7.0.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-02-23 15:17:35 UTC
*** Bug 575484 has been marked as a duplicate of this bug. ***
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-02-27 06:56:07 UTC
*** Bug 575740 has been marked as a duplicate of this bug. ***
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2016-02-27 07:30:01 UTC
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2016-02-27 12:13:50 UTC
Stable for PPC64.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2016-02-27 12:43:23 UTC
Stable for HPPA.
Comment 6 Agostino Sarubbo gentoo-dev 2016-03-02 14:00:25 UTC
amd64 stable
Comment 7 Aaron Bauman (RETIRED) gentoo-dev 2016-03-13 11:46:33 UTC
Added to existing GLSA.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2016-03-13 11:56:26 UTC
CVE-2016-0787 (
  A type confusion issue was found in the way libssh2 generated ephemeral
  secrets for the diffie-hellman-group1 and diffie-hellman-group14 key
  exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use
  significantly less secure random parameters.
Comment 9 Markus Meier gentoo-dev 2016-03-13 12:29:07 UTC
arm stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-03-15 16:43:20 UTC
x86 stable
Comment 11 Tobias Klausmann (RETIRED) gentoo-dev 2016-03-16 09:23:41 UTC
Stable on alpha.
Comment 12 Agostino Sarubbo gentoo-dev 2016-03-16 12:07:24 UTC
ppc stable
Comment 13 Agostino Sarubbo gentoo-dev 2016-03-19 11:39:37 UTC
sparc stable
Comment 14 Agostino Sarubbo gentoo-dev 2016-03-20 12:03:18 UTC
ia64 stable
Comment 15 Aaron Bauman (RETIRED) gentoo-dev 2016-03-25 13:30:00 UTC
stable arches complete.
Comment 16 Aaron Bauman (RETIRED) gentoo-dev 2016-03-25 13:31:33 UTC
@maintainer, please cleanup the vulnerable versions.
Comment 17 Aaron Bauman (RETIRED) gentoo-dev 2016-06-21 06:29:08 UTC
Added to existing GLSA.
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2016-06-26 13:00:45 UTC
This issue was resolved and addressed in
 GLSA 201606-12 at
by GLSA coordinator Aaron Bauman (b-man).