To all NoMachiners,
The OpenSSL project has released an update of its OpenSSL packages to consolidate previous fixes and provide patches for recent security vulnerabilities:
https://www.openssl.org/news/openssl-1.0.1-notes.html
From the list of security fixes available in OpenSSL 1.0.1s, the following may affect NoMachine version 5 packages:
– Fix a double-free in DSA code (CVE-2016-0705)
– Disable SRP fake user seed to address a server memory leak
(CVE-2016-0798)
– Fix memory issues in BIO_*printf functions (CVE-2016-0799)
– Fix side channel attack on modular exponentiation (CVE-2016-0702)
All NoMachine users are advised to update their client and server installations with this latest NoMachine release, 5.1.9, which contains the updated OpenSSL components.
Complete security advisory is available here: https://www.nomachine.com/SU07N00100
Additionally, this release fixes an installation issue affecting 5.1.7 on Mac OS X.
https://www.nomachine.com/TR03N06563
Updates to version 4 are also available. Please see here for further information:
https://www.nomachine.com/SU08N00100.