Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] FYI
"Authentication bypass in server code"
There is a vulnerability within the server code which can enable a client to bypass the authentication process and set the internal state machine maintained by the library to authenticated, enabling the (otherwise prohibited) creation of channels.
Die sbetrifft die Versionen >= 0.6
Siehe dazu auch [1]
VG
Bernd
[0] https://www.libssh.org/security/advisories/CVE-2018-10933.txt
[1] https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix...
rwth-security@lists.rwth-aachen.de