[X2Go-Dev] X2Go & OpenSSL CVE-2015-1793 "Alternative chains certificate forgery"

Clemens Lang cal at macports.org
Fri Jul 10 13:59:42 CEST 2015


Hi,

----- On 10 Jul, 2015, at 09:14, Henning Heinold h.heinold at tarent.de wrote:

> x2go client could be affected when calling the broker via https.
> 
> A man in the middle attack is then possible, because the client will
> not validate the cert from the server correctly.

x2goclient only needs to take action where it bundles OpenSSL, so for
example for the Mac binary client and possibly the Windows client. A simple
rebuild with updated dependencies should be enough.

-- 
Clemens Lang
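
Added example, not part of the original message and not X2Go project code: one way to find which files in an unpacked client bundle embed an OpenSSL build, so the rebuild suggested above can be checked before and after. The function names and the script name are hypothetical; the affected versions are not stated in this thread, so the caller supplies them from the OpenSSL advisory.

```python
import os
import re
import sys

# libcrypto/libssl, and executables linking them statically, embed a banner
# shaped like "OpenSSL <version> <day> <Mon> <year>".
BANNER = re.compile(
    rb"OpenSSL (\d+\.\d+\.\d+[a-z]*(?:-[a-z0-9]+)?) +\d{1,2} [A-Z][a-z]{2} \d{4}")


def openssl_versions(path):
    """Return the set of OpenSSL version strings embedded in one file."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return set()  # unreadable file: nothing to report
    return {m.group(1).decode("ascii") for m in BANNER.finditer(data)}


def scan_bundle(root):
    """Map relative path -> embedded OpenSSL versions for files under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # skip symlinks; only real files ship in the bundle
            versions = openssl_versions(full)
            if versions:
                findings[os.path.relpath(full, root)] = versions
    return findings


def needs_rebuild(findings, affected):
    """Return sorted (path, version) pairs whose version is in `affected`."""
    affected = set(affected)
    return sorted((path, v) for path, vs in findings.items()
                  for v in vs if v in affected)


if __name__ == "__main__":
    # Usage (hypothetical script name): scan.py BUNDLE_DIR AFFECTED_VERSION [...]
    # Affected versions are an input taken from the OpenSSL advisory.
    if len(sys.argv) < 3:
        sys.exit("usage: scan.py BUNDLE_DIR AFFECTED_VERSION [...]")
    hits = needs_rebuild(scan_bundle(sys.argv[1]), sys.argv[2:])
    for path, version in hits:
        print(f"{path}: bundles OpenSSL {version}, rebuild needed")
    sys.exit(1 if hits else 0)
```

An empty result only means no bundled copy was found; a client that links the operating system's OpenSSL is fixed by the system update, not by this rebuild.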

