Date: Sat, 5 Mar 2016 13:09:49 +0000 (UTC) From: Raphael Kubo da Costa <rakuco@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r410177 - head/security/vuxml Message-ID: <201603051309.u25D9noU017735@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rakuco Date: Sat Mar 5 13:09:48 2016 New Revision: 410177 URL: https://svnweb.freebsd.org/changeset/ports/410177 Log: Add entry for security/libssh's CVE-2016-0739. This was fixed in r409932, but the 2016Q1 branch is still vulnerable. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Mar 5 12:46:59 2016 (r410176) +++ head/security/vuxml/vuln.xml Sat Mar 5 13:09:48 2016 (r410177) @@ -58,6 +58,44 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="6b3591ea-e2d2-11e5-a6be-5453ed2e2b49"> + <topic>libssh -- weak Diffie-Hellman secret generation</topic> + <affects> + <package> + <name>libssh</name> + <range><lt>0.7.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Andreas Schneider reports:</p> + <blockquote cite="https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/">; + <p>libssh versions 0.1 and above have a bits/bytes confusion bug and + generate the an anormaly short ephemeral secret for the + diffie-hellman-group1 and diffie-hellman-group14 key exchange + methods. The resulting secret is 128 bits long, instead of the + recommended sizes of 1024 and 2048 bits respectively. There are + practical algorithms (Baby steps/Giant steps, Pollard’s rho) that can + solve this problem in O(2^63) operations.</p> + <p>Both client and server are are vulnerable, pre-authentication. + This vulnerability could be exploited by an eavesdropper with enough + resources to decrypt or intercept SSH sessions. The bug was found + during an internal code review by Aris Adamantiadis of the libssh + team.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-0739</cvename> + <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739</url>; + <url>https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/</url>; + </references> + <dates> + <discovery>2016-02-23</discovery> + <entry>2016-03-05</entry> + </dates> + </vuln> + <vuln vid="7d09b9ee-e0ba-11e5-abc4-6fb07af136d2"> <topic>exim -- local privilleges escalation</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201603051309.u25D9noU017735>