[X2Go-Dev] X2Go & OpenSSL CVE-2015-1793 "Alternative chains certificate forgery"
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Mon Jul 13 11:43:05 CEST 2015
Hi Michael, hi all,
On Fr 10 Jul 2015 13:59:42 CEST, Clemens Lang wrote:
> Hi,
>
> ----- On 10 Jul, 2015, at 09:14, Henning Heinold h.heinold at tarent.de wrote:
>
>> x2go client could be affected when calling the broker via https.
>>
>> A man in the middle attack is than possible, because the client will
>> not validate the cert from the server correctly.
>
> x2goclient only needs to take action where it bundles OpenSSL, so for
> example for the Mac binary client and possibly the Windows client. A simple
> rebuild with updated dependencies should be enough.
/me chimes in with Henning and Clemens. X2Go Client can be affected.
Python X2Go should not be affected, as it does not have any openssl
lib in the dependency tree.
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20150713/a2ebaa22/attachment.pgp>
More information about the x2go-dev
mailing list