GLSA-201408-03 : LibSSH: Information disclosure
Low Nessus Plugin ID 77112
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201408-03 (LibSSH: Information disclosure)
A new connection inherits the state of the PRNG without re-seeding with random data.
Servers using ECC (ECDSA) or DSA certificates in non-deterministic mode may under certain conditions leak their private key.
There is no known workaround at this time.
SolutionAll LibSSH users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-libs/libssh-0.6.3'