unsubscribe André Pen Geotrack Telematics BV
www.geotrack.nl / www.geotrack.com [email protected] tel. +31 513 613 513 gsm. +31 6 54 36 20 50 2016-02-23 17:37 GMT+01:00 Salvatore Bonaccorso <[email protected]>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-3488-1 [email protected] > https://www.debian.org/security/ Salvatore Bonaccorso > February 23, 2016 https://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : libssh > CVE ID : CVE-2016-0739 > Debian Bug : 815663 > > Aris Adamantiadis discovered that libssh, a tiny C SSH library, > incorrectly generated a short ephemeral secret for the > diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. > The resulting secret is 128 bits long, instead of the recommended sizes > of 1024 and 2048 bits respectively. This flaw could allow an > eavesdropper with enough resources to decrypt or intercept SSH sessions. > > For the oldstable distribution (wheezy), this problem has been fixed in > version 0.5.4-1+deb7u3. This update also includes fixes for > CVE-2014-8132 and CVE-2015-3146, which were previously scheduled for the > next wheezy point release. > > For the stable distribution (jessie), this problem has been fixed in > version 0.6.3-4+deb8u2. > > We recommend that you upgrade your libssh packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCgAGBQJWzIqnAAoJEAVMuPMTQ89E2MYP/1R6FfgJqP6LNxmk9jmb2Uz6 > CSgrEiET/9m8NIV/3f5HP9L8Cwm81MLAZ7MsIQKHzmMBiFs/RW5iMGbQQAE/J5Tx > EkhgngcoA2dgWh/5J0nOaFZJ+XuihKUKYqHxsZRBMNW+YULcE9PT+WsjfBqov49m > FOfwNSlkochCmaWIYTlhL6NbhU3KWjhiG80w/EH8u8T6HZnNo2DbzlR8qizsJ+qj > 6d3gGGwbANWdNB+B/9P4iohgsfPoEPjo1yoipKFuw3SJBOeWHxHnFbHfK4U8UJ/f > cI4faiLNAp/pR2peGpL6Ipl7fBsUgnIoycBKJeR9qrCe+GsM61zmGaWWERIsvgPc > t07PVVm/c1CNYuFmT6NEak6UdleOg8gNHAoVq1PnL+CaUgngFFbLeWO2teWg2MLF > L9DasjwRaRB8Wr1fQleX2njH9v6PYwxBYkKXguAY2CG3aUSr64iJL8lbHqB9MA1f > BSYGYuKKQUDY1AVJXa0FJaKJhS9NME3KdgGJbItTrf0dbWNx8TJYVb7K+1G8MDVW > KXxHSacszpIJaP5/4+SDWLewd6RSvrO/rGh3/md4YZo7OmDthrLKU4lDQ3PKbFAb > Nb9wBymWe2JT4SvofexHLtr24bYMg16M0PzQKmqzETd6WGjMv5OkYRkUU5TzWIXo > KxbOPS/xcIXBN1s/9Xx+ > =30hF > -----END PGP SIGNATURE----- > >
