New OpenSSL vulnerability: NoTouch is NOT affected (CVE-2015-1793)

  • Published:
  • Updated:
  • Author: Stratodesk

Today, July 9th, 2015 an OpenSSL vulnerability was disclosed: CVE-2015-1793. NoTouch is not affected.

An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. However, this bug was introduced in OpenSSL 1.0.1n, whereas both NoTouch OS as well as the Stratodesk Virtual Appliance use an improved version of 1.0.1f.

Thus, there is nothing to do and no update or patch is necessary.

Share this

New OpenSSL vulnerability: NoTouch is NOT affected (CVE-2015-1793)

Today, July 9th, 2015 an OpenSSL vulnerability was disclosed: CVE-2015-1793. NoTouch is not affected.

An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. However, this bug was introduced in OpenSSL 1.0.1n, whereas both NoTouch OS as well as the Stratodesk Virtual Appliance use an improved version of 1.0.1f.

Thus, there is nothing to do and no update or patch is necessary.

How to Overcome Your Fear of Linux Endpoint Operating Systems
May 10, 2023

Before I start this blog, I want to set a little context. When I joined…

Read more
Using Ventoy to Speed Up Version Testing with Stratodesk NoTouch
May 3, 2023

Every now and then you have to try multiple NoTouch OS images to find the…

Read more
April 2023 Newsletter
April 28, 2023

VMware Update | USB Redirection | HIMSS Infographic | Citrix Workspace

Read more

Subscribe to our newsletter:

Back To Top