GnuGk Security Alert: libssh vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

a vulnerability in libssh 0.6 and above has been found that allows
access without credentials. GnuGk uses libssh if you enable SSH
encryption for the status port.

If you don't have SshStatusPort=1 in your configuration, then you are
_not_ affected by this issue.

Fix:
====
Re-compile GnuGk with libssh 0.8.4 and 0.7.6.


Workaround:
===========
Disable SSH on the status port:

[Gatekeeper::Main]
SshStatusPort=0


-- 
Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail  : jan@xxxxxxxxxxxxxx
Website: https://www.gnugk.org
Support: https://www.willamowius.com/gnugk-support.html

Relaxed Communications GmbH
Frahmredder 91, 22393 Hamburg, Germany
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584
_______________________________________________________

Posting: mailto:gnugk-users@xxxxxxxxxxxxxxx
Archive: https://lists.gnugk.org/pipermail/gnugk-users/
Unsubscribe: https://lists.gnugk.org/lists/listinfo/gnugk-users
Homepage: https://www.gnugk.org/




[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux