1 post

libssh 0.7.3 (security and bugfix release)

This is an important SECURITY and maintenance release in order to address CVE-2016-0739 – Bits/bytes confusion resulting in truncated Difffie-Hellman secret length. libssh versions 0.1 and above have a bits/bytes confusion bug and generate the an anormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes […]