[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 425-1] libssh security update

Package        : libssh
Version        : 0.4.5-3+squeeze3
CVE ID         : CVE-2016-0739

Aris Adamantiadis of the libssh team discovered that libssh, an SSH2
protocol implementation used by many applications, did not generate
sufficiently long Diffie-Hellman secrets.

This vulnerability could be exploited by an eavesdropper to decrypt
and to intercept SSH sessions.

For the oldoldstable distribution (squeeze), this has been fixed in
version 0.4.5-3+squeeze3.

For the oldstable (wheezy) and stable (jessie) distributions, this
will be fixed soon.

Ben Hutchings - Debian developer, member of Linux kernel and LTS teams

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: