Wind River Support Network

HomeDefectsLIN6-11097

Fixed

LIN6-11097 : Security Advisory - libssh2 - CVE-2016-0787

Created: Apr 19, 2016 Updated: Dec 3, 2018

Resolved Date: Apr 19, 2016

Previous ID: LIN5-21356

Found In Version: 6.0.0.29

Fix Version: 6.0.0.30

Severity: Standard

Applicable for: Wind River Linux 6

Component/s: Userspace

Description

A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.

Steps to Reproduce

Other Downloads

Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38