libssh2-1.4.3-10.el7.1
エラータID: AXSA:2016-132:01
Release date:
Friday, March 11, 2016 - 10:09
Subject:
libssh2-1.4.3-10.el7.1
Affected Channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
libssh2 is a library implementing the SSH2 protocol as defined by
Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),
SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*,
SECSH-DHGEX(04), and SECSH-NUMBERS(10).
Security issues fixed with this release:
CVE-2016-0787
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Solution:
Update packages.
CVEs:
CVE-2016-0787
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
Additional Info:
N/A
Download:
SRPMS
- libssh2-1.4.3-10.el7.1.src.rpm
MD5: 563fa5f73497410617c548df678ea517
SHA-256: 2619cf156123b1f60f307104442bcb3ae0872342e39d89aba4d4d6c04d059e71
Size: 702.67 kB
Asianux Server 7 for x86_64
- libssh2-1.4.3-10.el7.1.x86_64.rpm
MD5: 42460c200b856c4d20acffc01d3e98c7
SHA-256: d7284d196082b52a2e8decdce25941e01743fe863197a263c76cda514ba4079a
Size: 132.73 kB - libssh2-1.4.3-10.el7.1.i686.rpm
MD5: 47e88eb07394b11ff29e4f08595ab530
SHA-256: e48646ce008fdd3d0411eade5ad4c0af2507b806c2fd66350782bb7a12a97f95
Size: 132.25 kB
日本語