Security-X
Forum Security-X => Système d'Exploitation => Linux => Discussion démarrée par: igor51 le février 23, 2016, 17:24:13
-
https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/
This is an important SECURITY and maintenance release in order to address CVE-2016-0739 – Bits/bytes confusion resulting in truncated Difffie-Hellman secret length.
Cette phrase vaut son pesant de cacahuètes
ibssh versions 0.1 and above have a bits/bytes confusion bug and generate the an anormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods.