Lucene search
Gentoo FoundationGLSA-201408-03HistoryAug 10, 2014 - 12:00 a.m.
LibSSH: Information disclosure
2014-08-1000:00:00
Gentoo Foundation
security.gentoo.org
23
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
0
Percentile
5.1%
Background
LibSSH is a C library providing SSHv2 and SSHv1.
Description
A new connection inherits the state of the PRNG without re-seeding with random data.
Impact
Servers using ECC (ECDSA) or DSA certificates in non-deterministic mode may under certain conditions leak their private key.
Workaround
There is no known workaround at this time.
Resolution
All LibSSH users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libssh-0.6.3"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-libs/libssh | <Β 0.6.3 | UNKNOWN |
Related
altlinux
altlinux
Security fix for the ALT Linux 8 package libssh version 0.6.3-alt1
2014-03-25 00:00:00
Security fix for the ALT Linux 7 package libssh version 0.6.3-alt1
2014-03-25 00:00:00
Security fix for the ALT Linux 9 package libssh version 0.6.3-alt1
2014-03-25 00:00:00
debiancve
debiancve
CVE-2014-0017
2014-03-14 15:55:05
nessus
nessus
GLSA-201408-03 : LibSSH: Information disclosure
2014-08-11 00:00:00
Fedora 19 : libssh-0.6.3-1.fc19 (2014-3485)
2014-03-17 00:00:00
Mandriva Linux Security Advisory : libssh (MDVSA-2014:053)
2014-03-14 00:00:00
openvas
openvas
Debian Security Advisory DSA 2879-1 (libssh - security update)
2014-03-13 00:00:00
Mageia: Security Advisory (MGASA-2014-0119)
2022-01-28 00:00:00
Fedora Update for libssh FEDORA-2014-3473
2014-03-12 00:00:00
ubuntu
ubuntu
libssh vulnerability
2014-03-12 00:00:00
seebug
seebug
LibsshιζΊε·η ηζε¨ζΌζ΄(CVE-2014-0017)
2014-03-07 00:00:00
debian
debian
[SECURITY] [DSA 2879-1] libssh security update
2014-03-13 21:54:28
fedora
fedora
[SECURITY] Fedora 20 Update: libssh-0.6.3-1.fc20
2014-03-07 06:38:59
[SECURITY] Fedora 19 Update: libssh-0.6.3-1.fc19
2014-03-15 15:21:52
[SECURITY] Fedora 20 Update: libssh-0.6.4-1.fc20
2015-01-03 19:10:54
ubuntucve
ubuntucve
CVE-2014-0017
2014-03-05 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-03-14 15:55:00
freebsd
freebsd
libssh -- PRNG state reuse on forking servers
2014-03-05 00:00:00
securityvulns
securityvulns
libssh PRNG attacks
2014-03-13 00:00:00
[USN-2145-1] libssh vulnerability
2014-03-13 00:00:00
mageia
mageia
Updated libssh package fixes security vulnerability
2014-03-06 03:17:12
nvd
nvd
CVE-2014-0017
2014-03-14 15:55:05
cve
cve
CVE-2014-0017
2014-03-14 15:55:05
osv
osv
libssh - security update
2014-03-13 00:00:00
cvelist
cvelist
CVE-2014-0017
2014-03-14 15:00:00
slackware
slackware
[slackware-security] libssh
2015-04-22 01:20:42
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
0
Percentile
5.1%
Related for GLSA-201408-03