VYPR

rpm package

suse/libssh&distro=SUSE Linux Enterprise Workstation Extension 12

pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012

Vulnerabilities (2)

  • CVE-2016-0739MedApr 13, 2016
    affected < 0.6.3-11.1fixed 0.6.3-11.1

    libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vecto

  • CVE-2015-3146HigApr 13, 2016
    affected < 0.6.3-8.1fixed 0.6.3-8.1

    The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.