Test ID:	1.3.6.1.4.1.25623.1.0.882419
Category:	CentOS Local Security Checks
Title:	CentOS Update for libssh2 CESA-2016:0428 centos7
Summary:	Check the version of libssh2
Description:	Summary: Check the version of libssh2 Vulnerability Insight: The libssh2 packages provide a library that implements the SSHv2 protocol. A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. (CVE-2016-0787) Red Hat would like to thank Aris Adamantiadis for reporting this issue. All libssh2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect. Affected Software/OS: libssh2 on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0787 BugTraq ID: 82514 http://www.securityfocus.com/bid/82514 Debian Security Information: DSA-3487 (Google Search) http://www.debian.org/security/2016/dsa-3487 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177980.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178573.html https://security.gentoo.org/glsa/201606-12 SuSE Security Announcement: openSUSE-SU-2016:0639 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-03/msg00008.html
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.