Is NoMachine affected by the libssh bug recently announced?

Forum / General Discussions / Is NoMachine affected by the libssh bug recently announced?

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • October 23, 2018 at 18:55 #20112
    jremington
    Participant

    Hi All:

    Very recently a severe libssh bug was announced, see link below. I’m using CentOS 6.x and am unable to determine which version of libssh is being used by NoMachine (the only relevant file is named libssh.so). We are using the free version of NoMachine, version 6.0.66

    Are we affected by this bug and/or has it been fixed? Thanks!

    https://www.zdnet.com/article/vendors-confirm-products-affected-by-libssh-bug-as-poc-code-pops-up-on-github/

    October 25, 2018 at 09:03 #20127
    Britgirl
    Keymaster

    No, NoMachine is not affected.

    NoMachine uses libssh2 which is not affected by the bugs reported in the recent advisory about libssh. You can read more about it here: https://access.redhat.com/security/cve/cve-2018-10933

    To find out what version of libssh2 is used:

    grep libssh /usr/NX/share/documents/credits/CREDITS

     

    Btw, we just released version 6.3.6, you might want to consider updating your installations 😉

    October 26, 2018 at 08:17 #20143
    jremington
    Participant

    Thanks for the prompt response. I’ll upgrade to the latest version of NoMachine.

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)

This topic was marked as solved, you can't post.