An information disclosure revealed an injection vulnerability in
OpenSSL’s ChangeCipherSpec processing making it possible for malicious
third parties to force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
This can be exploited by a Man-in-the-middle
(MITM) attack where the attacker can decrypt and even modify traffic
from the attacked client and server (CVE-2014-0224).
All NoMachine 4 users are strongly invited to update their client and
server installations to this release, 4.2.25. Users of 3.5.0 are not
affected.
More information on-line: https://www.nomachine.com/SU06L00100
