Oval Definition:oval:com.redhat.rhsa:def:20160428
Revision Date:2016-03-10Version:636
Title:RHSA-2016:0428: libssh2 security update (Moderate)
Description:The libssh2 packages provide a library that implements the SSHv2 protocol.

  • A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. (CVE-2016-0787)

    Red Hat would like to thank Aris Adamantiadis for reporting this issue.

    All libssh2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2016-0787
    RHSA-2016:0428
    RHSA-2016:0428-00
    RHSA-2016:0428-01
    Platform(s):Red Hat Enterprise Linux 6
    Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • libssh2 is earlier than 0:1.4.2-2.el6_7.1
  • AND libssh2 is signed with Red Hat redhatrelease2 key
  • libssh2-devel is earlier than 0:1.4.2-2.el6_7.1
  • AND libssh2-devel is signed with Red Hat redhatrelease2 key
  • libssh2-docs is earlier than 0:1.4.2-2.el6_7.1
  • AND libssh2-docs is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • libssh2 is earlier than 0:1.4.3-10.el7_2.1
  • AND libssh2 is signed with Red Hat redhatrelease2 key
  • libssh2-devel is earlier than 0:1.4.3-10.el7_2.1
  • AND libssh2-devel is signed with Red Hat redhatrelease2 key
  • libssh2-docs is earlier than 0:1.4.3-10.el7_2.1
  • AND libssh2-docs is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • AND
  • libssh2 is earlier than 0:1.4.2-2.el6_7.1
  • AND libssh2 is signed with Red Hat redhatrelease2 key
  • libssh2-devel is earlier than 0:1.4.2-2.el6_7.1
  • AND libssh2-devel is signed with Red Hat redhatrelease2 key
  • libssh2-docs is earlier than 0:1.4.2-2.el6_7.1
  • AND libssh2-docs is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • AND
  • libssh2 is earlier than 0:1.4.3-10.el7_2.1
  • AND libssh2 is signed with Red Hat redhatrelease2 key
  • libssh2-devel is earlier than 0:1.4.3-10.el7_2.1
  • AND libssh2-devel is signed with Red Hat redhatrelease2 key
  • libssh2-docs is earlier than 0:1.4.3-10.el7_2.1
  • AND libssh2-docs is signed with Red Hat redhatrelease2 key
    • BACK