NoMachine Support

Your questions answered

Knowledge Base

Searching in: Software Updates
Filter the search results
Released on:
Searching in: Software Updates
ID: SU04L00103
Released on:  2014-04-09
Last update: 2014-04-09
OpenSSL security vulnerability

Luxembourg, April 9th, 2014

An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. An attacker could use this flaw to obtain up to 64k of memory contents from the client or server, which could potentially lead to the disclosure of private keys and other sensitive information. (CVE-2014-0160)

OpenSSL is used in NoMachine software to power TLS and encryption in a number of subsystems. NoMachine has already commenced building and testing its own software with the updated OpenSSL libraries. The new packages will be released as soon as possible with instructions on how to regenerate the possibly compromised keys. Until then, NoMachine advises its users to put all machines containing sensitive information offline.

The NoMachine Security Team