A page in your DokuWiki was added or changed. Here are the details: Date : 2015/01/19 14:08 Browser : Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36 IP-Address : 108.36.248.44 Hostname : pool-108-36-248-44.phlapa.fios.verizon.net Old Revision: http://wiki.x2go.org/doku.php/doc:release-notes-mswin:x2goclient-4.0.3.1?rev... New Revision: http://wiki.x2go.org/doku.php/doc:release-notes-mswin:x2goclient-4.0.3.1 Edit Summary: Add section: Security Update: 4.0.3.1-20150119 User : mikedep333 @@ -1,5 +1,16 @@ ====== Windows-Specific Release notes for X2Go Client 4.0.3.1 ====== + + ===== Security Update: 4.0.3.1-20150119 ===== + + On 2015-01-19, 4.0.3.1-20150119 was released with the following changes: + + - Windows: Win32 OpenSSL updates from 1.0.1j to 1.0.1L, which fixes the CVEs announced on 2015-01-08. + - Windows: Cygwin OpenSSL updated from 1.0.1j-1 to 1.0.1k-1, which fixes the CVEs announced on 2015-01-08. + - Windows: Bundle new version of VcXsrv: 1.15.2.2-xp+vc2013+x2go1. The differences from 1.15.2.1-xp+vc2013+x2go1 are that its bundled OpenSSL has been updated to 1.0.1k, and that xorg-server CVE-2014-8091..8103 have been fixed. + - Windows: Update libssh from 0.6.3 to 0.6.4 (while maintaining Pageant support). This fixes CVE-2014-8132, which shouldn't affect x2goclient because x2goclient uses the SSH client functionality, not the SSH server functionality. 0.6.4 also added 4 features related to ECDSA keys. + + As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities (except for libssh CVE-2014-8132.) However, as a precaution, we are releasing this updated build of X2Go Client for Windows. Unless an analysis is performed for each vulnerability, we strongly encourage all users to update. ===== Major Windows-specific changes since 4.0.3.0-20141021 ===== None. -- This mail was generated by DokuWiki at http://wiki.x2go.org/