{"id":"MGASA-2016-0392","summary":"Updated libssh2 packages fix security vulnerability","details":"Andreas Schneider reported that libssh2 passes the number of bytes to a\nfunction that expects number of bits during the SSHv2 handshake when\nlibssh2 is to get a suitable value for 'group order' in the Diffie-Hellman\nnegotiation. This weakens significantly the handshake security,\npotentially allowing an eavesdropper with enough resources to decrypt or\nintercept SSH sessions (CVE-2016-0787).\n","modified":"2026-01-31T04:09:49.964353Z","published":"2016-11-21T22:18:01Z","related":["CVE-2016-0787"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0392.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17813"},{"type":"REPORT","url":"https://www.libssh2.org/adv_20160223.html"},{"type":"REPORT","url":"https://www.debian.org/security/2016/dsa-3487"}],"affected":[{"package":{"name":"libssh2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libssh2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.3-6.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0392.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}