RHSA-2016:0428

Affecting libssh2 package, versions <0:1.4.3-10.el7_2.1

medium severity

Overview

The libssh2 packages provide a library that implements the SSHv2 protocol.

A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. (CVE-2016-0787)

Red Hat would like to thank Aris Adamantiadis for reporting this issue.

All libssh2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.
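To find the applications that still need the restart described above, look for processes whose memory map still references the replaced library file. The script below is an added example, not part of the advisory or of Red Hat's tooling; the function names and the sample `/proc` tree (PIDs, process names, library path) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still running the pre-update libssh2.

# stale_libssh2_in_maps FILE
# FILE is in /proc/<pid>/maps format. Succeeds if it holds a libssh2 mapping
# whose backing file was replaced on disk (the kernel tags it "(deleted)").
stale_libssh2_in_maps() {
    awk '$6 ~ /\/libssh2\.so(\.[0-9]+)*$/ && $NF == "(deleted)" { hit = 1 }
         END { exit (hit ? 0 : 1) }' "$1" 2>/dev/null
}

# scan_procs [PROC_ROOT]
# Prints "PID COMM" for every process under PROC_ROOT (default /proc)
# that still maps the old library and therefore needs a restart.
scan_procs() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        if stale_libssh2_in_maps "$dir/maps"; then
            printf '%s %s\n' "${dir##*/}" "$(cat "$dir/comm" 2>/dev/null)"
        fi
    done
}

# make_sample_proc
# Builds a constructed /proc-like tree (sample data, not real output) with
# one process started before the update and one after; prints its path.
make_sample_proc() {
    tmp=$(mktemp -d)
    mkdir "$tmp/4242" "$tmp/4300"
    echo sftp-sync > "$tmp/4242/comm"
    echo curl > "$tmp/4300/comm"
    echo '7f1c2a400000-7f1c2a42a000 r-xp 00000000 fd:00 393301 /usr/lib64/libssh2.so.1.0.1 (deleted)' \
        > "$tmp/4242/maps"
    echo '7f80c1200000-7f80c122a000 r-xp 00000000 fd:00 393977 /usr/lib64/libssh2.so.1.0.1' \
        > "$tmp/4300/maps"
    echo "$tmp"
}

# Stand-alone run: scan the live system (run as root to see every process).
scan_procs "${1:-/proc}"
```

The installed build can be compared against the fixed version with `rpm -q libssh2`; any process the scan prints was started before the update and is still using the old library.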

CVE
RHSA-2016:0428
Snyk ID
SNYK-CENTOS7-LIBSSH2-279734
Published
27 Jun, 2018