Debdiff for Yakkety

The vuln has no specific known attack methods so there is no public
exploit available. Package tests have passed and I used a somewhat
unusual method to explicitly regression test. Package php-ssh2 depends
on libssh2.

<?php

$server="ssh.host.name";

// DH Group1 SHA1 uses patched sha1 KEX

$methods = array(
    'kex' => 'diffie-hellman-group1-sha1'
);

// Make our connection
$connection = ssh2_connect($server, 22, $methods);

if (!$connection) die('Connection failed');

$methods_neg = ssh2_methods_negotiated($connection);
echo "Keys negotiated with: {$methods_neg['kex']}\n";
echo "Client-to-server uses these methods:\n";
echo " Encryption: {$methods_neg["client_to_server"]["crypt"]}\n";
echo " Compression: {$methods_neg["client_to_server"]["comp"]}\n";
echo "Server-to-client uses these methods:\n";
echo " Encryption: {$methods_neg["server_to_client"]["crypt"]}\n";
echo " Compression: {$methods_neg["server_to_client"]["comp"]}\n";

** Patch added: "Debdiff for yakkety"
   
https://bugs.launchpad.net/ubuntu/+source/libssh2/+bug/1664812/+attachment/4819153/+files/libssh2_1.7.0-1ubuntu0.1.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1664812

Title:
  CVE-2016-0787

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh2/+bug/1664812/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
