Detections
Analytics
openSUSE Security Update : libssh2_org (openSUSE-2016-388)
medium Nessus Plugin ID 90166
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update for libssh2_org fixes the following issues :Security issue fixed :
- CVE-2016-0787 (bsc#967026): Weakness in diffie-hellman secret key generation lead to much shorter DH groups then needed, which could be used to retrieve server keys.
A feature was added :
- Support of SHA256 digests for DH group exchanges was added (fate#320343, bsc#961964)
Bug fixed :
- Properly detect EVP_aes_128_ctr at configure time (bsc#933336)
This update was imported from the SUSE:SLE-12:Update update project.
Solution
Update the affected libssh2_org packages.See Also
https://bugzilla.opensuse.org/show_bug.cgi?id=933336
Plugin Details
Severity: Medium
ID: 90166
File Name: openSUSE-2016-388.nasl
Version: 2.5
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 3/25/2016
Updated: 1/19/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS v3
Risk Factor: Medium
Base Score: 5.9
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:libssh2-1, p-cpe:/a:novell:opensuse:libssh2-1-32bit, p-cpe:/a:novell:opensuse:libssh2-1-debuginfo, p-cpe:/a:novell:opensuse:libssh2-1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libssh2-devel, p-cpe:/a:novell:opensuse:libssh2_org-debugsource, cpe:/o:novell:opensuse:42.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 3/24/2016
Reference Information
CVE: CVE-2016-0787