Moderate CentOS libssh2 Security Update

Metadata

medium
4.3
libssh2-1.4.2-2.el6_7.1.i686.rpm, libssh2-1.4.2-2.el6_7.1.src.rpm, libssh2-1.4.2-2.el6_7.1.x86_64.rpm, libssh2-1.4.3-10.el7_2.1.i686.rpm, libssh2-1.4.3-10.el7_2.1.src.rpm, libssh2-1.4.3-10.el7_2.1.x86_64.rpm, libssh2-devel-1.4.2-2.el6_7.1.i686.rpm, libssh2-devel-1.4.2-2.el6_7.1.x86_64.rpm, libssh2-devel-1.4.3-10.el7_2.1.i686.rpm, libssh2-devel-1.4.3-10.el7_2.1.x86_64.rpm, libssh2-docs-1.4.2-2.el6_7.1.i686.rpm, libssh2-docs-1.4.2-2.el6_7.1.x86_64.rpm, libssh2-docs-1.4.3-10.el7_2.1.noarch.rpm
CVE-2016-0787
rhn.redhat.com, lists.centos.org, lists.centos.org
2016-03-10
2017-07-27 19:10
v3.4/main/libssh2-1.7.0-r0
ALAS-2016-683
CVE-2016-0787 libssh2
CVE-2016-0787
2017-04-01 19:09
2017-01-05 20:13

Description


Updated libssh2 packages that fix one security issue are now available
for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

The libssh2 packages provide a library that implements the SSHv2 protocol.

A type confusion issue was found in the way libssh2 generated ephemeral
secrets for the diffie-hellman-group1 and diffie-hellman-group14 key
exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use
significantly less secure random parameters. (CVE-2016-0787)

Red Hat would like to thank Aris Adamantiadis for reporting this issue.

All libssh2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing these
updated packages, all running applications using libssh2 must be restarted
for this update to take effect.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.


Affected package information

Release  Package        Patched in
6        libssh2        libssh2-1.4.2-2.el6_7.1.i686.rpm
6        libssh2        libssh2-1.4.2-2.el6_7.1.src.rpm
6        libssh2        libssh2-1.4.2-2.el6_7.1.x86_64.rpm
6        libssh2-devel  libssh2-devel-1.4.2-2.el6_7.1.i686.rpm
6        libssh2-devel  libssh2-devel-1.4.2-2.el6_7.1.x86_64.rpm
6        libssh2-docs   libssh2-docs-1.4.2-2.el6_7.1.x86_64.rpm
6        libssh2-docs   libssh2-docs-1.4.2-2.el6_7.1.i686.rpm
7        libssh2        libssh2-1.4.3-10.el7_2.1.x86_64.rpm
7        libssh2        libssh2-1.4.3-10.el7_2.1.i686.rpm
7        libssh2        libssh2-1.4.3-10.el7_2.1.src.rpm
7        libssh2-devel  libssh2-devel-1.4.3-10.el7_2.1.i686.rpm
7        libssh2-devel  libssh2-devel-1.4.3-10.el7_2.1.x86_64.rpm
7        libssh2-docs   libssh2-docs-1.4.3-10.el7_2.1.noarch.rpm
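
One way to check installed packages against the "Patched in" builds listed above, as an added example that is not part of the original advisory. It assumes input in the form printed by `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' libssh2 libssh2-devel libssh2-docs`; the function names, the simplified version comparison and the sample lines are constructed for illustration.

```python
import re

# Fixed builds from the "Patched in" column above, keyed by CentOS major release.
PATCHED = {"6": ("1.4.2", "2.el6_7.1"), "7": ("1.4.3", "10.el7_2.1")}

def rpmvercmp(a, b):
    """Simplified RPM version compare over alternating digit/letter segments.
    Tilde and caret handling is omitted (not needed for these packages)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(version, release):
    """True/False against the fixed build; None if not an el6/el7 build."""
    m = re.search(r"\.el([67])", release)
    if not m:
        return None
    fixed_ver, fixed_rel = PATCHED[m.group(1)]
    # Version decides first; release is only consulted when versions are equal.
    cmp = rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)
    return cmp >= 0

def audit(rpm_query_output):
    r"""Parse 'NAME VERSION RELEASE' lines and map each package to its status."""
    results = {}
    for line in rpm_query_output.strip().splitlines():
        name, version, release = line.split()
        results[f"{name}-{version}-{release}"] = is_patched(version, release)
    return results

# Constructed sample output (not taken from a real host).
SAMPLE = """\
libssh2 1.4.2 1.el6_6.1
libssh2 1.4.2 2.el6_7.1
libssh2 1.4.3 8.el7
libssh2-devel 1.4.3 10.el7_2.1
"""

if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE).items():
        print(pkg, "patched" if ok else "older than fixed build: update, then restart libssh2 users")
```

A package reported as patched only protects processes started after the update, since the advisory requires restarting every running application that uses libssh2.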