RHEL 7 : libssh (RHSA-2016:0566)
Medium Nessus Plugin ID 90302
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
An update for libssh is now available for Red Hat Enterprise Linux 7 Extras.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. (CVE-2016-0739)
Red Hat would like to thank Aris Adamantiadis for reporting this issue.
Solution
Update the affected libssh, libssh-debuginfo and/or libssh-devel packages.