Upgrade libssh (CVE-2016-0739)
=======================================================================
== Subject: Weakness in diffie-hellman secret key generation
== CVE ID#: CVE-2016-0739
== Versions: All versions of libssh 0.1 and later
== Summary: Due to a bug in the ephemeral secret key generation for
== the diffie-hellman-group1 and diffie-hellman-group14
== methods, ephemeral secret keys of size 128 bits are
== generated, instead of the recommended sizes of 1024 and
== 2048 bits, giving a practical security of 63 bits.
== This vulnerability could be exploited by an eavesdropper
== with enough resources to decrypt or intercept SSH
== sessions.
== No authentication is required.
=======================================================================
===========
Description
libssh versions 0.1 and above have a bits/bytes confusion bug and generate an
abnormally short ephemeral secret for the diffie-hellman-group1 and
diffie-hellman-group14 key exchange methods.
The resulting secret is 128 bits long, instead of the recommended sizes of 1024
and 2048 bits respectively. There are practical algorithms (Baby steps/Giant
steps, Pollard's rho) that can solve this problem in O(2^63) operations.
Both client and server are vulnerable, pre-authentication.
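As an added illustration, not part of the advisory or of libssh's code, the Python below models the bits/bytes mix-up described above and runs Shanks' baby-step giant-step search (one of the algorithms the advisory names) at toy scale, to show why an exponent of n bits buys only about n/2 bits of security. The prime P, generator G and the generate_x_* helpers are constructed for this example.

```python
import secrets

# Constructed toy group (a 30-bit prime with generator 5), assumed for the
# example; it stands in for the real 1024/2048-bit group1/group14 moduli.
P = 1_000_000_007
G = 5

def generate_x_fixed(group_bits):
    """Intended behaviour: an ephemeral exponent as long as the group size."""
    return secrets.randbits(group_bits)

def generate_x_buggy(group_bits):
    """Model of the advisory's bits/bytes confusion (not libssh's source):
    a figure meant as a byte count (128 bytes = 1024 bits) is consumed as a
    bit count, so every group gets a 128-bit exponent."""
    # group_bits is ignored: that is exactly the failure mode being modelled
    return secrets.randbits(128)

def bsgs(g, h, p, max_bits):
    """Shanks' baby-step giant-step: return x < 2**max_bits with g**x == h
    (mod p), or None. Costs about 2**(max_bits/2) multiplications and table
    entries, which is why a 128-bit exponent costs on the order of 2**64
    work (the advisory quotes 2**63), not 2**128."""
    m = 1 << ((max_bits + 1) // 2)       # baby-step count; m*m >= 2**max_bits
    baby = {}
    e = 1
    for j in range(m):                   # baby steps: g**j -> j
        baby.setdefault(e, j)
        e = e * g % p
    giant = pow(g, -m, p)                # g**(-m)
    gamma = h
    for i in range(m):                   # giant steps: h * g**(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant % p
    return None

def demo(x_bits=20):
    """Toy scale: a 20-bit secret falls in ~2**10 steps. Returns (x, recovered)."""
    x = secrets.randbits(x_bits)
    h = pow(G, x, P)                     # the public value sent on the wire
    return x, bsgs(G, h, P, x_bits)

if __name__ == "__main__":
    print("buggy exponent bits:", generate_x_buggy(2048).bit_length())
    x, r = demo()
    print("toy secret", x, "recovered", r)
```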
This vulnerability could be exploited by an eavesdropper with enough resources
to decrypt or intercept SSH sessions.
The bug was found during an internal code review by Aris Adamantiadis of the
libssh team.
==================
Patch Availability
Patches addressing the issue have been posted to:
https://www.libssh.org/
libssh version 0.7.3 has been released to address this issue.
==========
Workaround
This issue may be worked around by using other key exchange methods, such as
curve25519-sha256@libssh.org or ecdh-sha2-nistp256; neither is vulnerable.
By default, an unpatched libssh implementation will already attempt to use
these two more secure methods when supported by the other party.
=======
Credits
The bug was found during code review by Aris Adamantiadis.
Patches are provided by the libssh team.
==========================================================
== The libssh team
Comments
Debian security tracker:
Is this Debian flavours only?
No. I linked to the Debian security tracker because I prefer their interface for CVE's. If you go to the Debian links above, they provide links to other distributions (under "Source").
Thanks, didn't see that small line.
Should you have a configuration that does not accept Diffie-Hellman, this vulnerability does not affect you, though you should always keep up to date.