Hi Michael, hi all, On Fr 10 Jul 2015 13:59:42 CEST, Clemens Lang wrote:
Hi, ----- On 10 Jul, 2015, at 09:14, Henning Heinold [email protected] wrote:x2go client could be affected when calling the broker via https. A man in the middle attack is than possible, because the client will not validate the cert from the server correctly.x2goclient only needs to take action where it bundles OpenSSL, so for example for the Mac binary client and possibly the Windows client. A simple rebuild with updated dependencies should be enough.
/me chimes in with Henning and Clemens. X2Go Client can be affected. Python X2Go should not be affected, as it does not have any openssl lib in the dependency tree.
Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: [email protected], http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpyys0TAFMlF.pgp
Description: Digitale PGP-Signatur
_______________________________________________ x2go-dev mailing list [email protected] http://lists.x2go.org/listinfo/x2go-dev
