CVE-2016-0739

NameCVE-2016-0739
Descriptionlibssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-425-1, DSA-3488-1
Debian Bugs815663

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libssh (PTS)buster0.8.7-1+deb10u1fixed
buster (security)0.8.7-1+deb10u2fixed
bullseye (security), bullseye0.9.8-0+deb11u1fixed
bookworm, bookworm (security)0.10.6-0+deb12u1fixed
sid, trixie0.10.6-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libsshsourcesqueeze0.4.5-3+squeeze3DLA-425-1
libsshsourcewheezy0.5.4-1+deb7u3DSA-3488-1
libsshsourcejessie0.6.3-4+deb8u2DSA-3488-1
libsshsource(unstable)0.6.3-4.3815663

Notes

Upstream fix: https://git.libssh.org/projects/libssh.git/commit/?h=v0-7&id=f8d0026c65fc8a55748ae481758e2cf376c26c86
Search for package or bug name: Reporting problems