NoMachine Support

Your questions answered

Knowledge Base

Searching in: Software Updates
Filter the search results
Released on:
Searching in: Software Updates
ID: SU02N00100
Released on:  2016-01-15
Last update: 2016-01-16
OpenSSH security vulnerability

Luxembourg, January 15th, 2016

An information leak vulnerability has been found in OpenSSH client code between 5.4 and 7.1, OpenSSH versions which include experimental support for resuming SSH-connections. Although the matching server code has never been released, the information leak is exploitable in the default configuration of the OpenSSH client, and (depending on the client's version, compiler, and operating system) allows a malicious server to read memory on connecting computers, including private client user keys (CVE-2016-0777 and CVE-2016-0778).

Since the nxssh client may be used in some connection configurations, we strongly advise to download the NoMachine update once it's made available. The new packages for NoMachine software for Windows/Linux/Mac versions 4 and 5 will be released as soon as possible with further instructions.

 

The NoMachine Security Team