Hi Michael, hi all,
On Fr 10 Jul 2015 13:59:42 CEST, Clemens Lang wrote:
Hi,
----- On 10 Jul, 2015, at 09:14, Henning Heinold h.heinold@tarent.de wrote:
x2go client could be affected when calling the broker via https.
A man in the middle attack is than possible, because the client will not validate the cert from the server correctly.
x2goclient only needs to take action where it bundles OpenSSL, so for example for the Mac binary client and possibly the Windows client. A simple rebuild with updated dependencies should be enough.
/me chimes in with Henning and Clemens. X2Go Client can be affected.
Python X2Go should not be affected, as it does not have any openssl
lib in the dependency tree.
Mike
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...