Skip to content

 Product Release: NoTouch OS 3.6.225
See what’s new

New OpenSSL vulnerability: NoTouch is NOT affected (CVE-2015-1793)

Today, July 9th, 2015 an OpenSSL vulnerability was disclosed: CVE-2015-1793. NoTouch is not affected.

An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. However, this bug was introduced in OpenSSL 1.0.1n, whereas both NoTouch OS as well as the Stratodesk Virtual Appliance use an improved version of 1.0.1f.

Thus, there is nothing to do and no update or patch is necessary.

author avatar
Stratodesk

New OpenSSL vulnerability: NoTouch is NOT affected (CVE-2015-1793)

Today, July 9th, 2015 an OpenSSL vulnerability was disclosed: CVE-2015-1793. NoTouch is not affected.

An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. However, this bug was introduced in OpenSSL 1.0.1n, whereas both NoTouch OS as well as the Stratodesk Virtual Appliance use an improved version of 1.0.1f.

Thus, there is nothing to do and no update or patch is necessary.

author avatar
Stratodesk
Stratodesk and ClearCube: A Powerful Solution for Ultra-Secure VDI Environments

For almost 30 years ClearCube has been crafting IT solutions for the most demanding IT…

Read more

Subscribe to our newsletter:

Back To Top