NoMachine OpenSSL security vulnerability CVE-2014-0224)

NoMachine OpenSSL security vulnerability CVE-2014-0224)

An information disclosure revealed an injection vulnerability in OpenSSL’s ChangeCipherSpec processing making it possible for malicious third parties to force the use of weak keying material in OpenSSL SSL/TLS clients and servers.
This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and even modify traffic from the attacked client and server (CVE-2014-0224).

All NoMachine 4 users are strongly invited to update their client and server installations to this release, 4.2.25. Users of 3.5.0 are not affected.
More information on-line: https://www.nomachine.com/SU06L00100