CVE-2016-0787

Published: 13/04/2016 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The diffie_hellman_sha256 function in kex.c in libssh2 prior to 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

Vulnerable Product

fedoraproject fedora 23

fedoraproject fedora 22

opensuse opensuse 13.2

libssh2 libssh2

debian debian linux 8.0

debian debian linux 7.0

Vendor Advisories

Debian Bug report logs - #815662 libssh2: CVE-2016-0787: Weak Diffie-Hellman secret generation Package: src:libssh2; Maintainer for src:libssh2 is Mikhail Gusarov <dottedmag@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 23 Feb 2016 13:27:15 UTC Severity: grave Tags: fixed-upstream, patch, ...
Andreas Schneider reported that libssh2, an SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for group order in the Diffie-Hellman negotiation. This weakens significantly the handshake security, potentially allowing an eavesdropper with e ...
A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters ...
SecurityCenter uses third-party libraries to provide certain standardized functionality. Two of these libraries were found to contain vulnerabilities and were fixed upstream. Those fixes have been integrated despite there being no known exploitation scenarios related to SecurityCenter. cURL / libcurl DLL Hijacking Arbitrary Code Execution cURL / l ...