OpenSSH security vulnerability

Forum / General Discussions / OpenSSH security vulnerability

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #9678
    Britgirl
    Keymaster

    Hi NoMachiners,

    an information leak vulnerability has been found in OpenSSH client code between 5.4 and 7.1, OpenSSH versions which include experimental support for resuming SSH-connections. Although the matching server code has never been released, the information leak is exploitable in the default configuration of the OpenSSH client, and (depending on the client’s version, compiler, and operating system) allows a malicious server to read memory on connecting computers, possibly including private client user keys (CVE-2016-0777 and CVE-2016-0778).

    Since the nxssh client may be used in some connection configurations, we strongly advise to download the NoMachine update once it’s made available. The new packages for NoMachine software for Windows/Linux/Mac versions 4 and 5 will be released as soon as possible with further instructions.

    We’ll update this post once the packages are online.

    #9684
    Britgirl
    Keymaster

    Packages 5.0.63 are now available.

    Here is our software update announcement: https://www.nomachine.com/SU04N00100

Viewing 2 posts - 1 through 2 (of 2 total)

This topic was marked as closed, you can't post.