14 DAY TRIAL // A couple of libssh vulnerabilities have been found and fixed in Ubuntu 15.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems.
Quite a few issues have been repaired in the past few days in all the supported Ubuntu operating systems and it looks like we're going to need to hit that upgrade button once more to fix the latest libssh vulnerabilities.
"Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits instead of the recommended 1024 or 2048 bits when using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information," reads the security notice.
There are two such problems and both of them have been corrected. For a more detailed description of the problem, you should check the entire security notification.
The flaws can be fixed if you upgrade your system to the latest libssh-4 package. To apply the patch, users will have to run the Update Manager application. In general, a standard system update will make all the necessary changes, and there is no need for a restart.
You can also use the terminal and enter the following commands (you will need to be root in order to make it work):
sudo apt-get dist-upgrade