Security update for libssh2_org
SUSE Security Update: Security update for libssh2_org
Announcement ID: | SUSE-SU-2016:0723-1 |
Rating: | moderate |
References: | #961964 #967026 |
Affected Products: |
An update that solves one vulnerability and has one errata is now available.
Description:
This update for libssh2_org fixes the following issues:
- Add SHA256 support for DH group exchange (fate#320343, bsc#961964)
- fix CVE-2016-0787 (bsc#967026)
* Weakness in diffie-hellman secret key generation lead to much shorter
DH groups then needed, which could be used to retrieve server keys.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-libssh2_org-12445=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-libssh2_org-12445=1
- SUSE Linux Enterprise Desktop 11-SP4:
zypper in -t patch sledsp4-libssh2_org-12445=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
- libssh2-devel-1.2.9-4.2.6.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
- libssh2-1-32bit-1.2.9-4.2.6.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64):
- libssh2-1-1.2.9-4.2.6.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ia64):
- libssh2-1-x86-1.2.9-4.2.6.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
- libssh2-1-1.2.9-4.2.6.1
- SUSE Linux Enterprise Desktop 11-SP4 (i586 x86_64):
- libssh2-1-1.2.9-4.2.6.1