Scientific Linux Security Update : libssh2 on SL6.x, SL7.x i386/x86_64
Medium Nessus Plugin ID 89863
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionA type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. (CVE-2016-0787)
After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.
SolutionUpdate the affected packages.