DSA-2879 libssh - security update
|
System information
|
|
|
Affected software |
Debian |
Description
|
It was discovered that libssh, a tiny C SSH library, did not reset thestate of the PRNG after accepting a connection. A server modeapplication that forks itself to handle incoming connections could seeits children sharing the same PRNG state, resulting in a cryptographicweakness and possibly the recovery of the private key.
More info:
http://www.debian.org/security/2014/dsa-2879 |
Standar resources
|
Property |
Value |
CVE |
CVE-2014-0017 and DSA-2879. |