This shows you the differences between two versions of the page.
security:cve-announcements:heartbleed [2014/05/08 00:38] mikedep333 Additional details on X2Go Session Broker |
security:cve-announcements:heartbleed [2014/05/08 00:47] mikedep333 typo |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== X2Go Announcement on Heartbleed (CVE-2014-0160) ====== | ====== X2Go Announcement on Heartbleed (CVE-2014-0160) ====== | ||
- | ===== Announcement (will be posted to the x2go-announcement | + | ===== Announcement (will be posted to the x2go-announcements |
The following is the X2Go project' | The following is the X2Go project' | ||
Line 6: | Line 6: | ||
take. | take. | ||
- | 1. When X2Go (both X2Go Client and X2Go Server) | + | 1. When X2Go (both X2Go Client and X2Go Server) |
X2Go Session Broker, X2Go is not vulnerable. | X2Go Session Broker, X2Go is not vulnerable. | ||
+ | |||
If you do use X2Go without a session broker, no action is required in | If you do use X2Go without a session broker, no action is required in | ||
terms of X2Go. | terms of X2Go. | ||
+ | |||
We still strongly advise you to install your Linux distro' | We still strongly advise you to install your Linux distro' | ||
+ | |||
We also advise updating X2Go Client for Windows to 4.0.2.0, and X2Go | We also advise updating X2Go Client for Windows to 4.0.2.0, and X2Go | ||
client for Mac OS X to 4.0.2.0, in order to avoid vulnerability | client for Mac OS X to 4.0.2.0, in order to avoid vulnerability | ||
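Review bot: In item 1, the sentence "no action is required in terms of X2Go" is followed two paragraphs later by advice to update X2Go Client for Windows and Mac OS X to 4.0.2.0, and the blank lines added here make it easier to stop reading at the first statement. Consider tying the two together, for example by placing the client update advice directly after that sentence or by ending it with "apart from the client update below". Minor style point in the same paragraph: "X2Go client for Mac OS X" should be capitalized as "X2Go Client" to match the Windows line.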
Line 70: | Line 73: | ||
d. Replace the SSH key used by X2Go Session Broker to communicate with X2Go Session Broker Agents: | d. Replace the SSH key used by X2Go Session Broker to communicate with X2Go Session Broker Agents: | ||
+ | <code bash> | ||
sudo x2gobroker-keygen | sudo x2gobroker-keygen | ||
+ | </ | ||
(To clarify, the SSH connection between an X2Go Session Broker and an X2Go Session Broker Agent (running on an X2Go Server) is not vulnerable. However the SSH private key used to communicate with agents is in the broker' | (To clarify, the SSH connection between an X2Go Session Broker and an X2Go Session Broker Agent (running on an X2Go Server) is not vulnerable. However the SSH private key used to communicate with agents is in the broker' | ||
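Review bot: Step d says to replace the broker's SSH key, but the only instruction inside the new <code bash> block is sudo x2gobroker-keygen, and the text does not say what happens to the existing key pair. State whether the command overwrites the old key or whether the old key files have to be removed first, so that an administrator can confirm the exposed private key is no longer in use on the broker.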
Line 79: | Line 84: | ||
b. If you have the X2Go Session Broker Agent installed, authorize the new X2Go Session Broker SSH key: | b. If you have the X2Go Session Broker Agent installed, authorize the new X2Go Session Broker SSH key: | ||
+ | <code bash> | ||
sudo x2gobroker-pubkeyauthorizer --broker-url http(s)://< | sudo x2gobroker-pubkeyauthorizer --broker-url http(s)://< | ||
+ | </ | ||
X2Go Client: | X2Go Client: |
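Review bot: The --broker-url argument in step b is written as http(s)://, which presents plain HTTP as an equal option in a step whose purpose is to authorize a key for broker access on an X2Go Server. Recommend https here, and if http has to remain, say when it is acceptable. The visible lines also authorize the new broker key without mentioning removal of the previously authorized one; if no other step covers that, add it next to step b.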