This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
doc:release-notes-mswin:x2goclient-4.0.2.1 [2014/09/02 02:29] mikedep333 Add 4.0.2.1+hotfix1+build4 |
doc:release-notes-mswin:x2goclient-4.0.2.1 [2014/10/10 11:59] mikedep333 4.0.2.1+hotfix1+build6: Update wording |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Windows-Specific Release notes for X2Go Client 4.0.2.1 ====== | ====== Windows-Specific Release notes for X2Go Client 4.0.2.1 ====== | ||
+ | |||
+ | ===== Security Update: 4.0.2.1+hotfix1+build6 ===== | ||
+ | |||
+ | On 2014-10-10, 4.0.2.1+hotfix1+build6 was released with the following changes: | ||
+ | CVE-2014-6278 | ||
+ | - Windows: Cygwin Bash (sh.exe) updated from 4.1.14-7 to 4.1.17-9. 4.1.17-9 fixes CVE-2014-6278. | ||
+ | - Windows: The aforementioned Cygwin Bash update also fixes the vulnerabilities fixed in 4.1.16-8, CVE-2014-7186, | ||
+ | - Windows: Cygwin krb5 (Kerberos) updated from 1.12.1-2 to 1.12.2-1, which fixes CVE-2014-4341 through -4345. | ||
+ | |||
+ | For the exact details of the bash and krb5 updates, see the respective release announcements: | ||
+ | https:// | ||
+ | |||
+ | https:// | ||
+ | |||
+ | https:// | ||
+ | |||
+ | As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. In fact, it seems unlikely that X2Go Client for Windows is affected by the krb5 vulnerabilities because X2Go Client for Windows uses PuTTY for Kerberos authentication instead. (Cygwin krb5 is merely installed because it is a dependency of Cygwin SSH.) However, as a precaution, we are releasing this updated build of X2Go Client for Windows. Unless an analysis is performed, we strongly encourage all users to update. This includes users of the " | ||
+ | |||
+ | ===== Security Update: 4.0.2.1+hotfix1+build5 ===== | ||
+ | |||
+ | On 2014-09-30, 4.0.2.1+hotfix1+build5 was released with the following changes: | ||
+ | |||
+ | - Windows: Cygwin Bash (sh.exe) updated from 4.1.10-4 to 4.1.14-7. This fixes the " | ||
+ | |||
+ | For the exact details of the bash update, see the Cygwin Bash release announcement for 4.1.14-7 | ||
+ | |||
+ | https:// | ||
+ | |||
+ | The X2Go project has not done an analysis of whether X2Go Client was actually affected by the " | ||
===== Bugfix Update: 4.0.2.1+hotfix1+build4 ===== | ===== Bugfix Update: 4.0.2.1+hotfix1+build4 ===== | ||
Line 36: | Line 65: | ||
===== Available Builds ===== | ===== Available Builds ===== | ||
- | All builds with version " | + | All builds with version " |
< | < | ||
Line 42: | Line 71: | ||
==== Current Builds ==== | ==== Current Builds ==== | ||
- | The regular build, x2goclient-4.0.2.1+hotfix1+build4-setup.exe, is available under this folder | + | The regular build, x2goclient-4.0.2.1+hotfix1+build6-setup.exe, is available under this folder: |
- | * http:// | + | * http:// |
- | The " | + | The " |
| | ||
- | The " | + | The " |
- | A debug build, x2goclient-4.0.2.1+hotfix1+build4-debug-setup.exe, | + | A debug build, x2goclient-4.0.2.1+hotfix1+build6-debug-setup.exe, |
- | * http:// | + | * http:// |
==== Previous Builds ==== | ==== Previous Builds ==== | ||
- | The regular builds, x2goclient-4.0.2.1+hotfix1+build3-setup.exe & x2goclient-4.0.2.1+hotfix1-setup.exe, | + | The regular builds, x2goclient-4.0.2.1+hotfix1 |
+ | * http:// | ||
+ | * http:// | ||
* http:// | * http:// | ||
* http:// | * http:// | ||
- | The " | + | The " |
| | ||
- | The " | + | The " |
- | Debug builds, x2goclient-4.0.2.1+hotfix1+build3-debug-setup.exe | + | Debug builds, |
+ | * http:// | ||
+ | * http:// | ||
* http:// | * http:// | ||
* http:// | * http:// |