USN-2912-1: libssh vulnerabilities
USN-2912-1: libssh vulnerabilities Ubuntu Security Notice USN-2912-1 23rd February, 2016 libssh vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in libssh. Software description libssh – A tiny C SSH library Details Mariusz Ziulek discovered that libssh incorrectly handled certain packets.A remote attacker could possibly use this issue to cause libssh to crash,resulting in a denial of service.(CVE-2015-3146) Aris Adamantiadis discovered that libssh incorrectly generated ephemeralsecret keys of 128 bits instead of the recommended 1024 or 2048 bits whenusing the diffie-hellman-group1 and diffie-hellman-group14 methods. If aremote attacker were able to perform a man-in-the-middle attack, this flawcould be exploited to view sensitive information. (CVE-2016-0739) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libssh-4 0.6.3-3ubuntu3.2 [ more… ]
