Debian Security Advisory
DLA-425-1 libssh -- LTS security update
- Date Reported:
- 23 Feb 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-0739.
- More information:
Aris Adamantiadis of the libssh team discovered that libssh, an SSH2 protocol implementation used by many applications, did not generate sufficiently long Diffie-Hellman secrets.
This vulnerability could be exploited by an eavesdropper to decrypt and to intercept SSH sessions.
For the oldoldstable distribution (squeeze), this has been fixed in version 0.4.5-3+squeeze3.
For the oldstable (wheezy) and stable (jessie) distributions, this will be fixed soon.