Category Archives : Uncategorized


libssh 0.6.3 (Security release)

This is an important SECURITY and maintenance release in order to address CVE-2014-0017 – PRNG state reuse on forking servers. This bug happens when a SSH server forks on new connections. OpenSSL PRNG does not always detect the change of process (PID collision) and PRNG state may be shared between two successive children. However that bug is greatly mitigated by […]


libssh 0.6.2 (Security release)

This is an important SECURITY and maintenance release in order to address CVE-2014-0017 – PRNG state reuse on forking servers. This bug happens when a SSH server forks on new connections. OpenSSL PRNG does not always detect the change of process (PID collision) and PRNG state may be shared between two successive children. However that bug is greatly mitigated by […]


OpenSSH introduces curve25519-sha256@libssh.org key exchange ! 1

A while back, I introduced a new key exchange mechanism, “curve25519-sha256@libssh.org” in our code base. The reasons were explained together with the specifications. In a nutshell, this key exchange function is based on DJB’s Curve25519 elliptic curve Diffie-Hellman key exchange. This algorithm does not rely on NIST-based curves and gives us more security confidence against a possible backdoor in nistp-256 […]

tmate

libssh 0.5.3 (SECURITY RELEASE) 2

This is an important SECURITY and maintenance release in order to address CVE-2012-4559, CVE-2012-4560, CVE-2012-4561 and CVE-2012-4562. CVE-2012-4559 – Fix multiple double free() flaws CVE-2012-4560 – Fix multiple buffer overflow flaws CVE-2012-4561 – Fix multiple invalid free() flaws CVE-2012-4562 – Fix multiple improper overflow checks The double free in sftp_parse_attr_3() could be used for a Denial of Service attack against […]