[3.3] libssh: bits/bytes confusion resulting in truncated Difffie-Hellman secret length (CVE-2016-0739)
libssh versions 0.1 and above have a bits/bytes confusion bug and
an anormaly short ephemeral secret for the diffie-hellman-group1 and
diffie-hellman-group14 key exchange methods.
The resulting secret is 128 bits long, instead of the recommended sizes of 1024
and 2048 bits respectively. There are practical algorithms (Baby steps/Giant
steps, Pollard’s rho) that can solve this problem in O (2^63) operations.
Fixed In Version:
(from redmine: issue id 5173, created on 2016-02-24, closed on 2016-03-01)
main/libssh: security upgrade to 0.7.3 (CVE-2016-0739). Fixes #5173 (cherry picked from commit 8967b28bae04756e804afa403733139e2adedfdb)