Several security issues were fixed in libssh ...
Debian Bug report logs -
libssh: CVE-2015-3146: null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets
Maintainer for src:libssh is Laurent Bigonville <bigon@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Wed, ...
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cbc in libssh before 065 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet ...
Aris Adamantiadis discovered that libssh, a tiny C SSH library,
incorrectly generated a short ephemeral secret for the
diffie-hellman-group1 and diffie-hellman-group14 key exchange methods
The resulting secret is 128 bits long, instead of the recommended sizes
of 1024 and 2048 bits respectively This flaw could allow an
eavesdropper with enough re ...