[X2Go-Dev] X2Go & OpenSSL CVE-2015-1793 "Alternative chains certificate forgery"
Michael DePaulo
mikedep333 at gmail.com
Fri Jul 10 01:49:40 CEST 2015
Mike#1,
Can you comment on whether X2Go is affected by this vulnerability? I
am not sure how the session brokers handles certs for HTTPS.
https://www.openssl.org/news/secadv_20150709.txt
The research I did for Heartbleed may be relevant:
http://wiki.x2go.org/doku.php/security:cve-announcements:heartbleed?&#further_details_not_posted_to_the_x2go-announcement_list
-Mike#2
More information about the x2go-dev
mailing list