
CVE-2016-0739 – Weakness in diffie-hellman secret key generation in libssh - howaboutit
https://bugzilla.redhat.com/attachment.cgi?id=1128493
======
howaboutit
Also at -
[https://www.libssh.org/security/advisories/CVE-2016-0739.txt](https://www.libssh.org/security/advisories/CVE-2016-0739.txt)

CVE-2016-0739 libssh: Diffie-Hellman bits/bytes confusion bug
[https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739)

CVE-2016-0787 libssh2: Diffie-Hellman bits/bytes confusion bug
[https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0787](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0787)

Fixed Versions (Debian) libssh:

    
    
      squeeze	0.4.5-3+squeeze3
      wheezy	0.5.4-1+deb7u3
      jessie	0.6.3-4+deb8u2
    

libssh2:

    
    
      squeeze	1.2.6-1+deb6u2
      wheezy	1.4.2-1.1+deb7u2
      jessie	1.4.3-4.1+deb8u1
    

Find your version (libssh2) with:

    
    
      dpkg -l libssh2-1

