To all NoMachiners,
The OpenSSL project has released an update of its OpenSSL packages to provide patches for recent security vulnerabilities:
https://www.openssl.org/news/secadv/20160503.txt
The following, taken from the list of security fixes available in OpenSSL 1.0.2h and 1.0.1t, affect NoMachine version 5 Cloud Server packages:
– Prevent padding oracle in AES-NI CBC MAC check
Other issues with lower severity may affect NoMachine software packages:
– Fix EVP_EncodeUpdate overflow
– Fix EVP_EncryptUpdate overflow
– Prevent ASN.1 BIO excessive memory allocation
– EBCDIC overread
NoMachine 5.1.26 is now available and additionally fixes two issues in the previous version.
For further information please consult the announcement here: https://www.nomachine.com/SU05N00101.