Hi, a vulnerability in libssh 0.6 and above has been found that allows access without credentials. GnuGk uses libssh if you enable SSH encryption for the status port. If you don't have SshStatusPort=1 in your configuration, then you are _not_ affected by this issue. Fix: ==== Re-compile GnuGk with libssh 0.8.4 and 0.7.6. Workaround: =========== Disable SSH on the status port: [Gatekeeper::Main] SshStatusPort=0 -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan@xxxxxxxxxxxxxx Website: https://www.gnugk.org Support: https://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91, 22393 Hamburg, Germany Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584 _______________________________________________________ Posting: mailto:gnugk-users@xxxxxxxxxxxxxxx Archive: https://lists.gnugk.org/pipermail/gnugk-users/ Unsubscribe: https://lists.gnugk.org/lists/listinfo/gnugk-users Homepage: https://www.gnugk.org/