To all NoMachiners,
the libssh2 project has released an update of its packages to provide a patch for a security vulnerability which affects the NoMachine 5 packages. More details are available here:
https://www.libssh2.org/adv_20160223.html
It was found that during the SSHv2 handshake when libssh2 is to get a suitable value for ‘group order’ in the Diffle Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.
Although there are no known exploits at this time, all NoMachine users are advised to update their client and server installations with this latest NoMachine release, 5.1.44, which contains the updated libssh components.
Full announcement here: https://www.nomachine.com/SU08N00173
The NoMachine Security Team