NoMachine Support

Your questions answered

Knowledge Base

Searching in: Software Updates
Filter the search results
Released on:
Searching in: Software Updates
ID: SU08N00174
Released on:  2016-08-04
Last update: 2016-08-05
NoMachine libssh vulnerability (version 4)

Luxembourg, August 4th, 2016

The libssh2 project has released an update of its packages to provide a patch for a security vulnerability which affects the NoMachine 4 packages. More details are available here:

https://www.libssh2.org/adv_20160223.html

It was found that during the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffle Hellman negotiation, it would pass in number of bytes to a function that expected number of bits. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.

Although there are no known exploits at this time, all NoMachine 4 users are advised to update their client and server installations with this latest NoMachine release, 4.6.23, which contains the updated libssh components.

 

Download NoMachine Packages

Customers with valid subscriptions should log in to their customer area and download the "Update version".

 

Automatic updates

The automatic check for updates is scheduled to check our repositories every two days.

To update any of the NoMachine servers immediately:

- Run the NoMachine GUI from your Programs Menu.

- Click on 'Settings', then on the 'Server preferences' and finally on 'Updates'.

- Then click on the 'Check now' button.

To update the NoMachine Enterprise Client immediately:

- Click on 'Settings' and 'Updates'.

- Then click on the 'Check now' button.

More information about the check for automatic updates is available here:

https://www.nomachine.com/AR05M00847


Manual package update

Please follow the instructions to update your installation manually:

On Windows:

- Download and save the EXE file.
- Double click on the NoMachine executable file.
- As for the installation, the Setup Wizard will take you through all steps necessary for updating NoMachine.

On Mac OS X:

- Download and save the DMG file.
- Double-click on the Disk Image to open it and double-click on the NoMachine program icon.
- As for the installation, the Installer will take you through through all steps necessary for updating NoMachine.

On Linux:

You can use the graphical package manager provided by your Linux distribution or update NoMachine by command line by following instructions below.
If you don't have the sudo utility installed, log on as superuser ("root") and run the commands without sudo.

RPM

- Download and save the RPM file.
- Update your NoMachine installation by running:

# rpm -Uvh <pkgName>_<pkgVersion>_<arch>.rpm

DEB

- Download and save the DEB file.
- Update your NoMachine installation by running:

$ sudo dpkg -i <pkgName>_<pkgVersion>_<arch>.deb

TAR.GZ

- Download and save the TAR.GZ file.
- Update your NoMachine installation by running:

$ cd /usr
$ sudo tar xvzf <pkgName>_<pkgVersion>_<arch>.tar.gz
$ sudo /usr/NX/nxserver --update

If you are installing Enterprise Client or Node run respectively:

$ sudo /usr/NX/nxclient --update
$ sudo /usr/NX/nxnode --update

 

Documents

Installation and configuration guides for the NoMachine products are available at:

https://www.nomachine.com/documents

 

The NoMachine Security Team