An information disclosure flaw was found in the way OpenSSL handled TLS
and DTLS Heartbeat Extension packets.
An attacker could use this flaw to obtain up to 64k of memory contents
from the client or server, which could potentially lead to the
disclosure of private keys and other sensitive information.
(CVE-2014-0160)
OpenSSL is used in NoMachine software to power TLS and encryption in a number of subsystems. NoMachine has already commenced building and testing its own software with the updated OpenSSL libraries. The new packages will be released as soon as possible with instructions on how to regenerate the possibly compromised keys. Until then, NoMachine advises its users to put all machines containing sensitive information off-line.
The NoMachine Security Team
The NoMachine advisory is here: https://www.nomachine.com/SU04L00103
