Is NoMachine affected by the libssh bug recently announced?

Forums / General Discussions / Is NoMachine affected by the libssh bug recently announced?

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #20112
    jremington
    Participant

    Hi All:

    Very recently a severe libssh bug was announced, see link below. I’m using CentOS 6.x and am unable to determine which version of libssh is being used by NoMachine (the only relevant file is named libssh.so). We are using the free version of NoMachine, version 6.0.66

    Are we affected by this bug and/or has it been fixed? Thanks!

    https://www.zdnet.com/article/vendors-confirm-products-affected-by-libssh-bug-as-poc-code-pops-up-on-github/

    #20127
    Britgirl
    Keymaster

    No, NoMachine is not affected.

    NoMachine uses libssh2 which is not affected by the bugs reported in the recent advisory about libssh. You can read more about it here: https://access.redhat.com/security/cve/cve-2018-10933

    To find out what version of libssh2 is used:

    grep libssh /usr/NX/share/documents/credits/CREDITS

     

    Btw, we just released version 6.3.6, you might want to consider updating your installations 😉

    #20143
    jremington
    Participant

    Thanks for the prompt response. I’ll upgrade to the latest version of NoMachine.

Viewing 3 posts - 1 through 3 (of 3 total)

This topic was marked as solved, you can't post.