On 16 February 2016, a libssh security vulnerability was announced (see CVE-2018-10933 for additional details.)
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Q: Is my site affected?
At this time, Acquia has performed an analysis of this vulnerability. Acquia's standard platform configuration mitigates this vulnerability. At this time, we have no reason to believe that Acquia or any of its customers' sites are impacted by this vulnerability.