This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated libssh2 packages that fix one security issue are now available
for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
The libssh2 packages provide a library that implements the SSHv2
A type confusion issue was found in the way libssh2 generated
ephemeral secrets for the diffie-hellman-group1 and
diffie-hellman-group14 key exchange methods. This would cause an SSHv2
Diffie-Hellman handshake to use significantly less secure random
Red Hat would like to thank Aris Adamantiadis for reporting this
All libssh2 users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After
installing these updated packages, all running applications using
libssh2 must be restarted for this update to take effect.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false