Luxembourg, January 15th, 2016
An information leak vulnerability has been found in OpenSSH client code between 5.4 and 7.1, OpenSSH versions which include experimental support for resuming SSH-connections. Although the matching server code has never been released, the information leak is exploitable in the default configuration of the OpenSSH client, and (depending on the client's version, compiler, and operating system) allows a malicious server to read memory on connecting computers, including private client user keys (CVE-2016-0777 and CVE-2016-0778).
Since the nxssh client may be used in some connection configurations, we strongly advise to download the NoMachine update once it's made available. The new packages for NoMachine software for Windows/Linux/Mac versions 4 and 5 will be released as soon as possible with further instructions.
The NoMachine Security Team