'This is an important security and maintenance release in order to address CVE-2018-10933. libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials. The bug was discovered by Peter Winter-Smith of NCC Group.' -- source: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix... -- via twitter: https://twitter.com/FioraAeterna/status/1052294419607506944 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/