From advisory: "During the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffle Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would result in the library generating numbers using only an 8th the number of random bits than what were intended: 128 or 256 bits instead of 1023 or 2047" Fix is in libssh 1.7.0.
*** Bug 575484 has been marked as a duplicate of this bug. ***
*** Bug 575740 has been marked as a duplicate of this bug. ***
Arch teams, please test and mark stable: =net-libs/libssh2-1.7.0 Targeted stable KEYWORDS : alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86
Stable for PPC64.
Stable for HPPA.
amd64 stable
Added to existing GLSA.
CVE-2016-0787 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0787): A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.
arm stable
x86 stable
Stable on alpha.
ppc stable
sparc stable
ia64 stable
stable arches complete.
@maintainer, please cleanup the vulnerable versions.
This issue was resolved and addressed in GLSA 201606-12 at https://security.gentoo.org/glsa/201606-12 by GLSA coordinator Aaron Bauman (b-man).