[security-announce] libssh2: CVE-2016-0787: Security Update

Sona Sarmadi sona.sarmadi at enea.com
Wed Mar 9 07:26:25 CET 2016


	Enea Linux Security Advisory

=========================================================
Product/package: libssh2 1.4.3/ Enea Linux 5.0
Severity: Medium
CVE Name: CVE-2016-0787
Layer: meta
=========================================================

This security update fixes bits/bytes confusion resulting in truncated
Diffie-Hellman secret length.

Description:
During the SSHv2 handshake when libssh2 is to get a suitable value for
'group order' in the Diffle Hellman negotiation, it would pass in number
of bytes to a function that expected number of bits. This would result
in the library generating numbers using only an 8th the number of random
bits than what were intended: 128 or 256 bits instead of 1023 or 2047

Using such drastically reduced amount of random bits for Diffie Hellman
weakended the handshake security significantly.

There are no known exploits of this flaw at this time.

References:
https://www.libssh2.org/adv_20160223.html

Reference to upstream patch:
https://www.libssh2.org/CVE-2016-0787.patch

Correction for Enea Linux 5.0:
http://git.enea.com/cgit/linux/meta-openembedded.git/patch/?id=f6f328f5d40e8d135fe1251ca13e2e521dd6aebf

How to get the latest patches
=============================
- If you have already cloned needed repositories, update it to get new
security patches.

cd Enea-Linux-5.0/poky
git pull

- If you have not yet cloned needed repositories, do it as described
below. (All patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-
openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20160309/1b985ea6/attachment.sig>


More information about the security-announce mailing list