All errata/sisyphus/ALT-PU-2017-2001-1
ALT-PU-2017-2001-1

Package update libssh in branch sisyphus

Version0.7.5-alt1.S1
Task#186848
Published2017-08-08
Max severityMEDIUM
Severity:

Closed issues (1)

CVE-2016-0739
MEDIUM5.9

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Published: 2016-04-13Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References