View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-0739 severity moderate: SUSE including 18 source package names (14.28:libssh4-0.6.3-11.1, libssh, …), 47 product×package rows across 22 product lines (Container suse/sles12sp4, SUSE Linux Enterprise Desktop 11 SP4, … (22 product lines)): Fixed 41, Known Not Affected 6.
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."