Bug 965875 – VUL-0: CVE-2016-0739: libssh: Weakness in diffie-hellman secret key generation

Bug 965875 - (CVE-2016-0739) VUL-0: CVE-2016-0739: libssh: Weakness in diffie-hellman secret key generation

(CVE-2016-0739)
Summary:	VUL-0: CVE-2016-0739: libssh: Weakness in diffie-hellman secret key generation

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Assigned To:	James McDonough
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:RedHat:CVE-2016-0739:5.8:(AV:N...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2016-02-09 14:53 UTC by Marcus Meissner
Modified:	2016-12-09 17:11 UTC (History)
CC List:	8 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
patch for SLE11 (1.05 KB, patch) 2016-02-23 16:38 UTC, Aurelien Aptel	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 9 Marcus Meissner 2016-02-24 06:53:05 UTC

is public now

Comment 11 Swamp Workflow Management 2016-03-01 17:22:12 UTC

SUSE-SU-2016:0622-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 965875
CVE References: CVE-2016-0739
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libssh-0.2-5.22.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    libssh-0.2-5.22.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libssh-0.2-5.22.1

Comment 12 Swamp Workflow Management 2016-03-01 19:12:05 UTC

SUSE-SU-2016:0625-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 965875
CVE References: CVE-2016-0739
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    libssh-0.6.3-11.1
SUSE Linux Enterprise Workstation Extension 12 (src):    libssh-0.6.3-11.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libssh-0.6.3-11.1
SUSE Linux Enterprise Software Development Kit 12 (src):    libssh-0.6.3-11.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libssh-0.6.3-11.1
SUSE Linux Enterprise Desktop 12 (src):    libssh-0.6.3-11.1

Comment 13 Bernhard Wiedemann 2016-03-11 11:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (965875) was mentioned in
https://build.opensuse.org/request/show/369987 13.2 / libssh

Comment 14 Swamp Workflow Management 2016-03-11 14:12:15 UTC

openSUSE-SU-2016:0722-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 965875
CVE References: CVE-2016-0739
Sources used:
openSUSE Leap 42.1 (src):    libssh-0.6.3-10.1

Comment 15 Marcus Meissner 2016-03-24 10:44:17 UTC

released

Comment 16 Swamp Workflow Management 2016-03-24 14:11:35 UTC

openSUSE-SU-2016:0880-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 965875
CVE References: CVE-2016-0739
Sources used:
openSUSE 13.2 (src):    libssh-0.6.3-2.10.1