One more note if you are using the executable provided on gnugk.org:

I have linked libssh dynamically, so it's enough to install an updated library from your Linux distribution. I see that Ubuntu just released fixed versions for 14.04, 16.04 and 18.04. So please make sure you install your updates.

Jan

--
Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail  : jan@xxxxxxxxxxxxxx
Website: https://www.gnugk.org
Support: https://www.willamowius.com/gnugk-support.html

Relaxed Communications GmbH
Frahmredder 91, 22393 Hamburg, Germany
Managing Director: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
VAT ID: DE286003584

Jan Willamowius wrote:
> Hi,
>
> a vulnerability in libssh 0.6 and above has been found that allows
> access without credentials. GnuGk uses libssh if you enable SSH
> encryption for the status port.
>
> If you don't have SshStatusPort=1 in your configuration, then you are
> _not_ affected by this issue.
>
> Fix:
> ====
> Re-compile GnuGk with libssh 0.8.4 and 0.7.6.
>
>
> Workaround:
> ===========
> Disable SSH on the status port:
>
> [Gatekeeper::Main]
> SshStatusPort=0
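Added example, not part of the original message and not GnuGk project code: a small audit helper that checks a GnuGk configuration for the SshStatusPort setting described above and compares an upstream libssh version against the fixed releases the message names. The function names, the sample configuration, the case-insensitive key matching and the rule that any value other than 0 counts as enabled are assumptions made for this example.

```python
import re

# Fixed upstream releases named in the message, keyed by release series.
FIXED = {(0, 7): (0, 7, 6), (0, 8): (0, 8, 4)}

def ssh_status_port_enabled(ini_text):
    """True if [Gatekeeper::Main] sets SshStatusPort to anything but 0."""
    section, enabled = None, False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "gatekeeper::main" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "sshstatusport" and value not in ("", "0"):
                enabled = True                   # flag if any assignment enables it
    return enabled

def libssh_upstream_affected(version):
    """True if an upstream libssh version is 0.6+ and older than the named fixes.

    Distribution packages may carry the fix under an older upstream number,
    so for those rely on the distribution's security update, not this check.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(g or 0) for g in m.groups())
    if v < (0, 6, 0):
        return False
    if v[:2] in FIXED:
        return v < FIXED[v[:2]]
    return v < (0, 7, 0)   # 0.6.x: no fixed release named; later series postdate the fix

def exposed(ini_text, libssh_version):
    """Exposed only when SSH on the status port is on AND libssh is unfixed."""
    return ssh_status_port_enabled(ini_text) and libssh_upstream_affected(libssh_version)

# Constructed sample configuration, for illustration only.
SAMPLE_INI = """\
; sample gatekeeper.ini (constructed)
[Gatekeeper::Main]
Name=ExampleGK
SshStatusPort=1
"""

if __name__ == "__main__":
    print("exposed:", exposed(SAMPLE_INI, "0.7.5"))
```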