[X2Go-Commits] page changed: doc:release-notes-mswin:x2goclient-4.0.2.0

wiki-admin at x2go.org wiki-admin at x2go.org
Thu Apr 24 02:56:33 CEST 2014 

A page in your DokuWiki was added or changed. Here are the details:

Date        : 2014/04/24 00:56
Browser     : Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36
IP-Address  : 72.94.83.13
Hostname    : pool-72-94-83-13.phlapa.fios.verizon.net
Old Revision: http://wiki.x2go.org/doku.php/doc:release-notes-mswin:x2goclient-4.0.2.0?rev=1398300627
New Revision: http://wiki.x2go.org/doku.php/doc:release-notes-mswin:x2goclient-4.0.2.0
Edit Summary: [Windows-Specific Bug Fixes] typo
User        : mikedep333

@@ -78,12 +78,12 @@
      *Fix compatibility with PulseAudio 3.0 & later through new cookie handling. (Fixes: #422)
      *The regular build X2Go Client now includes a fix for bug #363 (choppy audio in Flash Player). Users no longer need to install an "interims" build for that a fix.
  
  The following bugfixes are not mentioned in the regular release notes. (They are not mentioned in the regular release notes because they do
not consist of fixes to X2GoClient's source code, only to the dependencies bundled.):
-     *CVE-2014-0160 "Heartbleed" vulnerability (Note: X2Go Client was only affected by the heartbleed vulnerability when connecting to a an X2Go session broker over HTTPS. Even though X2Go Client uses libssh and cygwin's openssh, which both in turn use openssl, they were never affected because the SSH protocol does not contain the SSL heartbeat. For more info on why SSH implementations are not affected, read [[https://access.redhat.com/site/solutions/786603|Red hat's solution article.]]. The only difference between that solution article and X2Go Client is that the vulnerable library file is ssleay32.dll and the non-affected library files are both libeay32.dll and cygcrypto-1.0.0.dll .) 
+     *CVE-2014-0160 "Heartbleed" vulnerability (Note: X2Go Client was only affected by the heartbleed vulnerability when connecting to a an X2Go session broker over HTTPS. Even though X2Go Client uses libssh and
cygwin's openssh, which both in turn use openssl, they were never affected because the SSH protocol does not contain the SSL heartbeat. For more info on why SSH implementations are not affected, read [[https://access.redhat.com/site/solutions/786603|Red hat's solution article]]. The only difference between that solution article and X2Go Client is that the vulnerable library file is ssleay32.dll and the non-affected library files are both libeay32.dll and cygcrypto-1.0.0.dll .) 
      *Compared to 4.0.1.3, bug #229 (support for https broker connections) was fixed. However, it was also fixed in 4.0.1.3+build2. This bugfix is being mentioned here because some users may not be aware of 4.0.1.3+build2. (Ironically, the fix was to add ssleay32.dll, which means that the heartbleed vulnerability was only ever present in 4.0.1.3+build2.)
      *The following security vulnerabilities in VcXsrv: CVE-2013-4396 (Oct. 8, 2013), CVE-2013-6462 (Jan. 7, 2014) (Note that we have not determined whether
or not X2Go could actually trigger them. They are however now fixed in the VcXsrv code.)
  
  ===== Noteworthy Windows-Specific Bugs =====
  
    * [[http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=108|bug 108]] - Certain specialized applications fail to start (or exhibit font-related bugs) due to the fonts not being installed on the X2Go Client. This can be worked around by using the x2goclient-4.0.2.0-miscfonts-setup.exe installer located here: http://code.x2go.org/releases/binary-win32/x2goclient/tmp/ . If the problem still persists, try using x2goclient-4.0.2.0-fullfonts-setup.exe instead. Note that these installers are a temporary measure until a permanent solution is implemented.
    * [[http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=109|bug 109]] - x2goclient refuses to start after selecting a nonexistent external X server. To prevent this bug, do not select to use an external X server without specifying  the path to an external X server that is actually installed. (The default
path usually does not exist.) If you are experiencing this bug, work around it by setting this registry value: HKEY_CURRENT_USER\Software\Obviously Nice\x2goclient\settings\useintx = true



-- 
This mail was generated by DokuWiki at
http://wiki.x2go.org/

More information about the x2go-commits mailing list