Bug 965875 (CVE-2016-0739)

Summary: VUL-0: CVE-2016-0739: libssh: Weakness in diffie-hellman secret key generation
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: James McDonough <jmcdonough>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P2 - High CC: aaptel, abergmann, asn, jmcdonough, krahmer, lmuelle, meissner, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv2:RedHat:CVE-2016-0739:5.8:(AV:N/AC:M/Au:N/C:P/I:P/A:N) CVSSv2:SUSE:CVE-2016-0739:5.8:(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: patch for SLE11

Comment 9 Marcus Meissner 2016-02-24 06:53:05 UTC 
is public now
Comment 11 Swamp Workflow Management 2016-03-01 17:22:12 UTC 
SUSE-SU-2016:0622-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 965875
CVE References: CVE-2016-0739
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libssh-0.2-5.22.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    libssh-0.2-5.22.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libssh-0.2-5.22.1
Comment 12 Swamp Workflow Management 2016-03-01 19:12:05 UTC 
SUSE-SU-2016:0625-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 965875
CVE References: CVE-2016-0739
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    libssh-0.6.3-11.1
SUSE Linux Enterprise Workstation Extension 12 (src):    libssh-0.6.3-11.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libssh-0.6.3-11.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libssh-0.6.3-11.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libssh-0.6.3-11.1
SUSE Linux Enterprise Desktop 12 (src):    libssh-0.6.3-11.1
Comment 13 Bernhard Wiedemann 2016-03-11 11:00:09 UTC 
This is an autogenerated message for OBS integration:
This bug (965875) was mentioned in
https://build.opensuse.org/request/show/369987 13.2 / libssh
Comment 14 Swamp Workflow Management 2016-03-11 14:12:15 UTC 
openSUSE-SU-2016:0722-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 965875
CVE References: CVE-2016-0739
Sources used:
openSUSE Leap 42.1 (src):    libssh-0.6.3-10.1
Comment 15 Marcus Meissner 2016-03-24 10:44:17 UTC 
released
Comment 16 Swamp Workflow Management 2016-03-24 14:11:35 UTC 
openSUSE-SU-2016:0880-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 965875
CVE References: CVE-2016-0739
Sources used:
openSUSE 13.2 (src):    libssh-0.6.3-2.10.1