[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2016:0428-01 -- Redhat libssh2

ID: oval:org.secpod.oval:def:501776Date: (C)2016-03-15   (M)2023-07-28
Class: PATCHFamily: unix




The libssh2 packages provide a library that implements the SSHv2 protocol. A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. Red Hat would like to thank Aris Adamantiadis for reporting this issue. All libssh2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.

Platform:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Product:
libssh2
Reference:
RHSA-2016:0428-01
CVE-2016-0787
CVE    1
CVE-2016-0787
CPE    3
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:6
cpe:/a:libssh2:libssh2

© SecPod Technologies