OpenSSL security vulnerability

Forum / General Discussions / OpenSSL security vulnerability

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #3872
    Britgirl
    Keymaster

    To all NoMachine Users,

    NoMachine makes available updated packages to prevent an injection vulnerability issue in OpenSSL’s ChangeCipherSpec processing (CVE-2014-0224) which makes it possible for malicious third parties to force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and even modify traffic from the attacked client and server (CVE-2014-0224).

    All NoMachine 4 users are strongly invited to update their client and server installations to this release, 4.2.25. Users of 3.5.0 are not affected.

    The 4.2.25 release includes also fixes for the following problems:

    TR05L04408 – White border is displayed when maximizing a custom application session on Windows
    TR06L04447 – Error ‘Cannot get current user’ is repeatedly shown when running the ‘nxserver –list’ command
    TR06L04448 – Virtual desktop session on XUbuntu 13.10 or 14.01 is not usable

     

    Supported Platforms

    Windows 32-bit/64-bit XP/Vista/7/8

    Mac OS X Intel 64-bit 10.5/10.6/10.7/10.8/10.9

    Linux 32-bit and 64-bit
    Red Hat Enterprise 4/5/6
    SLES 10/11
    Open SUSE 10.x/11.x/12.x
    Mandriva 2009/2010/2011
    Fedora Core 10/11/12/13/14/15/16/17/18
    Debian GNU Linux 4.0 Etch/5.0 Lenny/ 6.0 Squeeze/ 7.0 Wheezy
    Ubuntu 8.04 Hardy Heron/8.10 Intrepid Ibex/Ubuntu 9.04 Jaunty Jackalope/
    9.10 Karmic Koala/10.4 Lucid Lynx/10.10 Maverick/11.04 Natty/11.10 Oneiric/12.04 Precise Pangolin

    Download NoMachine Packages

    You can download the latest packages suitable for your Operating System from the NoMachine Web site at the following URL:

    http://www.nomachine.com/download

    Or from your Customer Area if you are a registered customer.

    Automatic updates

    To update any of the NoMachine servers:

    – Run the NoMachine GUI from your Programs Menu.

    – Click on ‘Preferences’ and ‘Updates’.

    – Then click on the ‘Check now’ button.

    To update the NoMachine Enterprise Client:

    – Click on ‘Preferences’ and ‘Updates’.

    – Then click on the ‘Check now’ button.

    Manual package update

    Please follow the instructions to update your installation manually:

    On Windows:

    – Download and save the EXE file.
    – Double click on the NoMachine executable file.
    – As for the installation, the Setup Wizard will take you through all steps necessary for updating NoMachine.

    On Mac OS X:

    – Download and save the DMG file.
    – Double-click on the Disk Image to open it and double-click on the NoMachine program icon.
    – As for the installation, the Installer will take you through through all steps necessary for updating NoMachine.

    On Linux:

    You can use the graphical package manager provided by your Linux distribution or update NoMachine by command line by following instructions below.
    If you don’t have the sudo utility installed, log on as superuser (“root”) and run the commands without sudo.

    RPM

    – Download and save the RPM file.
    – Update your NoMachine installation by running:

    # rpm -Uvh <pkgName>_<pkgVersion>_<arch>.rpm

    DEB

    – Download and save the DEB file.
    – Update your NoMachine installation by running:

    $ sudo dpkg -i <pkgName>_<pkgVersion>_<arch>.deb

    TAR.GZ

    – Download and save the TAR.GZ file.
    – Update your NoMachine installation by running:

    $ cd /usr
    $ sudo tar xvzf <pkgName>_<pkgVersion>_<arch>.tar.gz
    $ sudo /usr/NX/nxserver –update

    If you are installing Enterprise Client or Node run respectively:

    $ sudo /usr/NX/nxclient –update
    $ sudo /usr/NX/nxnode –update

    Documents

    Installation and configuration guides for the NoMachine products are available at:

    http://www.nomachine.com/documents

    The NoMachine Security Team

Viewing 1 post (of 1 total)

This topic was marked as closed, you can't post.