vulnerability

RHSA-2016:0428: libssh2 security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Mar 10, 2016	Mar 10, 2016	Oct 30, 2017

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Mar 10, 2016

Added

Mar 10, 2016

Modified

Oct 30, 2017

Description

The libssh2 packages provide a library that implements the SSHv2 protocol.A type confusion issue was found in the way libssh2 generated ephemeralsecrets for the diffie-hellman-group1 and diffie-hellman-group14 keyexchange methods. This would cause an SSHv2 Diffie-Hellman handshake to usesignificantly less secure random parameters. (CVE-2016-0787)Red Hat would like to thank Aris Adamantiadis for reporting this issue.All libssh2 users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. After installing theseupdated packages, all running applications using libssh2 must be restartedfor this update to take effect.

Solution(s)

redhat-upgrade-libssh2redhat-upgrade-libssh2-debuginforedhat-upgrade-libssh2-develredhat-upgrade-libssh2-docs

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today