libssh versions 0.1 and above have a bits/bytes confusion bug and generate the an anormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There are practical algorithms (Baby steps/Giant steps, Pollard’s rho) that can solve this problem in O(2^63) operations. commit 50920493b9b2de35f9b18577eb55bd0ebe826ce7 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Tue Feb 23 16:01:21 2016 net-libs/libssh: Security bump to version 0.7.3 (CVE-2016-0739). Package-Manager: portage-2.2.27 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
*** This bug has been marked as a duplicate of bug 575474 ***
Was actually too quick there, this would affect both libssh and libssh2 so better track it in separate bugs anyways
I restored keywords for IA64 since I found no evidence that they had been dropped knowingly.
Arch teams, please test and mark stable: =net-libs/libssh-0.7.3 Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Stable for HPPA PPC64.
amd64 stable
Added to existing GLSA.
CVE-2016-0739 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0739): A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.
arm stable
x86 stable
Stable on alpha.
ppc stable
sparc stable
ia64 stable. Maintainer(s), please cleanup. Security, please vote.
commit ca3613078e0fe6f913bee37728bbf4dd45860a93 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Sun Mar 20 17:59:29 2016 net-libs/libssh: Security cleanup (bug #575484). Package-Manager: portage-2.2.28 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Thanks all. Removing kde from cc.
This issue was resolved and addressed in GLSA 201606-12 at https://security.gentoo.org/glsa/201606-12 by GLSA coordinator Aaron Bauman (b-man).