This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Last revision Both sides next revision | ||
doc:release-notes-mswin:x2goclient-4.0.2.1 [2014/09/30 13:46] mikedep333 Update for 4.0.2.1+hotfix1+build5 |
doc:release-notes-mswin:x2goclient-4.0.2.1 [2014/10/10 11:52] mikedep333 Update for 4.0.2.1+hotfix1+build6 |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Windows-Specific Release notes for X2Go Client 4.0.2.1 ====== | ====== Windows-Specific Release notes for X2Go Client 4.0.2.1 ====== | ||
+ | |||
+ | ===== Security Update: 4.0.2.1+hotfix1+build6 ===== | ||
+ | |||
+ | On 2014-10-10, 4.0.2.1+hotfix1+build6 was released with the following changes: | ||
+ | CVE-2014-6278 | ||
+ | - Windows: Cygwin Bash (sh.exe) updated from 4.1.14-7 to 4.1.17-9. 4.1.17-9 fixes CVE-2014-6278. | ||
+ | - Windows: The aforementioned Cygwin Bash update also fixes the vulnerabilities fixed in 4.1.16-8, CVE-2014-7186, | ||
+ | - Windows: Cygwin krb5 (Kerberos) updated from 1.12.1-2 to 1.12.2-1, which fixes CVE-2014-4341 through -4345. | ||
+ | |||
+ | For the exact details of the bash and krb5 updates, see the respective release announcements: | ||
+ | https:// | ||
+ | |||
+ | https:// | ||
+ | |||
+ | https:// | ||
+ | |||
+ | The X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. In fact, it seems very unlikely that X2Go Client for Windows is affected by the krb5 vulnerabilities because X2Go Client for Windows uses PuTTY for Kerberos authentication instead. (Cygwin krb5 is merely installed because it is a dependency of Cygwin SSH.) However, as a precaution, we are releasing this updated build of X2Go Client for Windows. Unless an analysis is performed, we strongly encourage all users to update. This includes users of the " | ||
===== Security Update: 4.0.2.1+hotfix1+build5 ===== | ===== Security Update: 4.0.2.1+hotfix1+build5 ===== | ||
Line 8: | Line 25: | ||
For the exact details of the bash update, see the Cygwin Bash release announcement for 4.1.14-7 | For the exact details of the bash update, see the Cygwin Bash release announcement for 4.1.14-7 | ||
+ | |||
https:// | https:// | ||
Line 47: | Line 65: | ||
===== Available Builds ===== | ===== Available Builds ===== | ||
- | All builds with version " | + | All builds with version " |
< | < | ||
Line 53: | Line 71: | ||
==== Current Builds ==== | ==== Current Builds ==== | ||
- | The regular build, x2goclient-4.0.2.1+hotfix1+build5-setup.exe, is available under this folder: | + | The regular build, x2goclient-4.0.2.1+hotfix1+build6-setup.exe, is available under this folder: |
- | * http:// | + | * http:// |
- | The " | + | The " |
| | ||
- | The " | + | The " |
- | A debug build, x2goclient-4.0.2.1+hotfix1+build5-debug-setup.exe, | + | A debug build, x2goclient-4.0.2.1+hotfix1+build6-debug-setup.exe, |
- | * http:// | + | * http:// |
==== Previous Builds ==== | ==== Previous Builds ==== | ||
- | The regular builds, x2goclient-4.0.2.1+hotfix1 through x2goclient-4.0.2.1+hotfix1+build4-setup.exe, are available under these folders: | + | The regular builds, x2goclient-4.0.2.1+hotfix1 through x2goclient-4.0.2.1+hotfix1+build5-setup.exe, are available under these folders: |
+ | * http:// | ||
* http:// | * http:// | ||
* http:// | * http:// | ||
Line 73: | Line 92: | ||
- | The " | + | The " |
| | ||
- | The " | + | The " |
- | Debug builds, | + | Debug builds, |
+ | * http:// | ||
* http:// | * http:// | ||
* http:// | * http:// |