"During the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than what were intended: 128 or 256 bits instead of 1023 or 2047"
Fix is in libssh 1.7.0.
*** Bug 575484 has been marked as a duplicate of this bug. ***
*** Bug 575740 has been marked as a duplicate of this bug. ***
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86
Stable for PPC64.
Stable for HPPA.
Added to existing GLSA.
A type confusion issue was found in the way libssh2 generated ephemeral
secrets for the diffie-hellman-group1 and diffie-hellman-group14 key
exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use
significantly less secure random parameters.
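The bytes-versus-bits mismatch that both descriptions above refer to, as an added example that is not libssh2's code and not part of the original comments. `rand_bits`, `bit_length`, `secret_bits_buggy` and `secret_bits_fixed` are hypothetical names; `rand()` stands in for a CSPRNG and the generator is assumed to set the top bit so the reported bit lengths are exact.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: big-endian random number of exactly `bits` bits
 * (top bit assumed set). rand() stands in for a CSPRNG. Returns byte count. */
static size_t rand_bits(unsigned char *out, size_t bits)
{
    size_t nbytes = (bits + 7) / 8;
    unsigned top = (unsigned)((bits - 1) % 8);      /* top bit within out[0] */
    for (size_t i = 0; i < nbytes; i++)
        out[i] = (unsigned char)(rand() & 0xff);
    out[0] &= (unsigned char)((1u << (top + 1)) - 1);
    out[0] |= (unsigned char)(1u << top);
    return nbytes;
}

/* Number of significant bits in a big-endian byte string. */
static size_t bit_length(const unsigned char *n, size_t len)
{
    size_t i = 0;
    while (i < len && n[i] == 0)
        i++;
    if (i == len)
        return 0;
    size_t bits = (len - i) * 8;
    for (unsigned char b = n[i]; !(b & 0x80); b <<= 1)
        bits--;
    return bits;
}

/* Vulnerable pattern: a byte count handed to a function that expects bits. */
static size_t secret_bits_buggy(size_t group_order_bytes)
{
    unsigned char x[512];
    return bit_length(x, rand_bits(x, group_order_bytes));
}

/* Corrected pattern: convert bytes to bits before the call. */
static size_t secret_bits_fixed(size_t group_order_bytes)
{
    unsigned char x[512];
    return bit_length(x, rand_bits(x, group_order_bytes * 8 - 1));
}

int main(void)
{
    printf("group1:  buggy=%zu fixed=%zu\n", secret_bits_buggy(128), secret_bits_fixed(128));
    printf("group14: buggy=%zu fixed=%zu\n", secret_bits_buggy(256), secret_bits_fixed(256));
    return 0;
}
```

A bit-length assertion on the generated secret, like the one `bit_length` enables here, is the kind of unit test that catches this class of unit mismatch.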
Stable on alpha.
stable arches complete.
@maintainer, please clean up the vulnerable versions.
This issue was resolved and addressed in
GLSA 201606-12 at https://security.gentoo.org/glsa/201606-12
by GLSA coordinator Aaron Bauman (b-man).