Forum / General Discussions / OpenSSL security vulnerability
- This topic has 0 replies, 1 voice, and was last updated 10 years, 6 months ago by Britgirl.
-
AuthorPosts
-
June 10, 2014 at 16:11 #3872BritgirlKeymaster
To all NoMachine Users,
NoMachine makes available updated packages to prevent an injection vulnerability issue in OpenSSL’s ChangeCipherSpec processing (CVE-2014-0224) which makes it possible for malicious third parties to force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and even modify traffic from the attacked client and server (CVE-2014-0224).
All NoMachine 4 users are strongly invited to update their client and server installations to this release, 4.2.25. Users of 3.5.0 are not affected.
The 4.2.25 release includes also fixes for the following problems:
TR05L04408 – White border is displayed when maximizing a custom application session on Windows
TR06L04447 – Error ‘Cannot get current user’ is repeatedly shown when running the ‘nxserver –list’ command
TR06L04448 – Virtual desktop session on XUbuntu 13.10 or 14.01 is not usableSupported Platforms
Windows 32-bit/64-bit XP/Vista/7/8
Mac OS X Intel 64-bit 10.5/10.6/10.7/10.8/10.9
Linux 32-bit and 64-bit
Red Hat Enterprise 4/5/6
SLES 10/11
Open SUSE 10.x/11.x/12.x
Mandriva 2009/2010/2011
Fedora Core 10/11/12/13/14/15/16/17/18
Debian GNU Linux 4.0 Etch/5.0 Lenny/ 6.0 Squeeze/ 7.0 Wheezy
Ubuntu 8.04 Hardy Heron/8.10 Intrepid Ibex/Ubuntu 9.04 Jaunty Jackalope/
9.10 Karmic Koala/10.4 Lucid Lynx/10.10 Maverick/11.04 Natty/11.10 Oneiric/12.04 Precise PangolinDownload NoMachine Packages
You can download the latest packages suitable for your Operating System from the NoMachine Web site at the following URL:
http://www.nomachine.com/download
Or from your Customer Area if you are a registered customer.
Automatic updates
To update any of the NoMachine servers:– Run the NoMachine GUI from your Programs Menu.
– Click on ‘Preferences’ and ‘Updates’.
– Then click on the ‘Check now’ button.
To update the NoMachine Enterprise Client:
– Click on ‘Preferences’ and ‘Updates’.
– Then click on the ‘Check now’ button.
Manual package update
Please follow the instructions to update your installation manually:
On Windows:
– Download and save the EXE file.
– Double click on the NoMachine executable file.
– As for the installation, the Setup Wizard will take you through all steps necessary for updating NoMachine.On Mac OS X:
– Download and save the DMG file.
– Double-click on the Disk Image to open it and double-click on the NoMachine program icon.
– As for the installation, the Installer will take you through through all steps necessary for updating NoMachine.On Linux:
You can use the graphical package manager provided by your Linux distribution or update NoMachine by command line by following instructions below.
If you don’t have the sudo utility installed, log on as superuser (“root”) and run the commands without sudo.RPM
– Download and save the RPM file.
– Update your NoMachine installation by running:# rpm -Uvh <pkgName>_<pkgVersion>_<arch>.rpm
DEB
– Download and save the DEB file.
– Update your NoMachine installation by running:$ sudo dpkg -i <pkgName>_<pkgVersion>_<arch>.deb
TAR.GZ
– Download and save the TAR.GZ file.
– Update your NoMachine installation by running:$ cd /usr
$ sudo tar xvzf <pkgName>_<pkgVersion>_<arch>.tar.gz
$ sudo /usr/NX/nxserver –updateIf you are installing Enterprise Client or Node run respectively:
$ sudo /usr/NX/nxclient –update
$ sudo /usr/NX/nxnode –updateDocuments
Installation and configuration guides for the NoMachine products are available at:
http://www.nomachine.com/documents
The NoMachine Security Team
-
AuthorPosts
This topic was marked as closed, you can't post.