Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Authentication bypass in server code" There is a vulnerability within the server code which can enable a client to bypass the authentication process and set the internal state machine maintained by the library to authenticated, enabling the (otherwise prohibited) creation of channels. Die sbetrifft die Versionen >= 0.6 Siehe dazu auch [1] VG Bernd [0] https://www.libssh.org/security/advisories/CVE-2018-10933.txt [1] https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix... -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler@itc.rwth-aachen.de https://www.itc.rwth-aachen.de