IGEL Universal Desktop OS 2 =========================== Version 5.11.290 Release date 2017-07-11 Last update of this document 2017-07-11 ============================================================================= Security Fixes: ============================================================================= - Fixed kernel security issue CVE-2017-1000364. - Security fix for Secure Shadowing: do not accept weak SSL ciphers anymore. As the RC4 cipher is not accepted anymore, this change fixes Bar Mitzvah attacks (CVE-2015-2808). - Added possibility to configure minimal allowed ssh cipher security. New registry keys: * network.ssh_client.minimal_encryption_level (defaults to 128bit) possible range 128bit, 192bit or 256bit * network.ssh_server.minimal_encryption_level (defaults to 128bit) possible range 128bit, 192bit or 256bit ============================================================================= Versions: ============================================================================= Clients: - Citrix Access Gateway Standard Plug-in 4.6.3.0800 - Citrix HDX Realtime Media Engine 2.2.100-949 - Citrix Receiver 12.1.8.250715 - Citrix Receiver 13.3.2.366713 - Citrix Receiver 13.5.0.10185126 - Dell vWorkspace Connector for Linux 8.6.1 - Ericom PowerTerm 12.0.1.0.20170219.2-_dev_-34574 - Ericom PowerTerm 9.2.0.6.20091224.1-_rc_-25848 - Ericom Webconnect 5.6.0.4000-rel.20413 - Evidian AuthMgr 1.4.6132 - Evince PDF Viewer 2.30 - FabulaTech USB for Remote Desktop 5.1.3 - Firefox 45.6.0 - IBM iSeriesAccess 7.1.0-1.0 - IBM iAccess Client Solutions 1.1.5.0 - IGEL Legacy RDP Client 1.0 - IGEL RDP Client 2.2 - Imprivata OneSign ProveID Embedded - Leostream Java Connect 3.0.57.0 - NCP Secure Client (Enterprise) 3.25-rev23310-i686 - NX Client 5.2.11 - Open VPN 2.3.2 - Oracle JRE 1.8.0_121 - Parallels 2X Client 15.5.2.16129 - Remote Viewer 4.0 for RedHat Enterprise Virtualization Desktops - Systancia AppliDis 4.0.0.14 - Thinlinc Client 4.7.0-5280 - ThinPrint Client 7.0.78 - Totem Media Player 2.30.2 - Nimboxx VERDE Client 8.0.0-rel.25568 - VMware Horizon client 4.5.0-5650368 - Voip Client Ekiga 4.0.1 - CREALOGIX CLX.Giromat 1.1.0b3 Dictation: - Driver for Grundig Business Systems dictation devices - Diktamen Extensions for dictation 1.1 - Nuance Audio Extensions for dictation 7.47.0 - Driver for Olympus dictation devices - Legacy Philips Speech Driver 5.0.10 - Philips Speech Driver 12.4.10 Signature: - signotec VCOM Daemon 2.0.0 - Softpro/Kofax Citrix Virtual Channel 3.1.33.2 - StepOver TCP Client 1.0.2 Smartcard: - PKCS#11 Library A.E.T SafeSign 3.0.93 - PKCS#11 Library Athena IDProtect 623.07 - PKCS#11 Library cryptovision sc/interface 6.6.3 - PKCS#11 Library Gemalto IDPrime 1.2.1 - PKCS#11 Library SecMaker NetID 6.5.2.37 - PKCS#11 Library ASIP Sante cryptolibcps 5.0.9 - Reader Driver ACS CCID 1.1.1 - Reader Driver HID Global Omnikey CCID 4.0.5.5 - Reader Driver Identiv / SCM Microsystems CCID 5.0.35 - Reader Driver MUSCLE CCID 1.4.25 - Reader Driver Omnikey CCID legacy-3.6.0 - Reader Driver Omnikey RFID legacy-2.7.2 - Reader Driver REINER SCT cyberJack 3.99.5final.SP09 - Reader Driver Gemalto / SafeNet eToken 8.1.0-4 - Reader Driver SCM Microsystems CCID Legacy 5.0.21 - Reader Driver SCM Microsystems SDI011 5.0.18 - Resource Manager PC/SC Lite 1.8.21 System Components: - Graphics Driver INTEL 2.99.917+git20160706-1ubuntu1 - Graphics Driver ATI/RADEON 7.8.0-1 - Graphics Driver ATI/AMDGPU 1.2.0-1 - Graphics Driver NVIDIA 304.131-0ubuntu0.14.04.1 - Graphics Driver VIA 5.76.52.92-009-005f78-20150730 - Graphics Driver VIA Legacy 5.75.32.87a-59172 - Graphics Driver Vboxvideo 5.1.12-dfsg-2 - Graphics Driver VESA 2.3.4-0ubuntu1~trusty1 - Input Driver Evdev 2.9.0-1ubuntu2~trusty1 - Input Driver eGalax 2.5.2107 - Input Driver Synaptics 1.8.2-1ubuntu1~trusty1 - Input Driver Vmmouse 13.1.0-0ubuntu1~trusty1 - Input Driver Wacom 0.25.0-0ubuntu1.1~trusty1 - Kernel 4.4.35 #59.80-udos-r1829 - Xorg X11 Server lts-wily-1.17.4 - Xorg Xephyr lts-wily-1.17.4 ============================================================================= Known Issues: ============================================================================= [Citrix] - Videos encoded with the rare combination H.264/MP3 won't play audio. [Evidian] - Active Directory users with a password containing special characters may have problems to authenticate with the configured session. Known special characters which results in errors are: ` (grave accent, ASCII code 96) ´ (acute accent, ASCII code 239) [RDP/IGEL RDP Client 2] - EVOR video redirection does not work reliably: Workaround the issue by disabling: Sessions -> RDP -> RDP Sessions -> [session name] -> Multimedia -> Enable Video Redirection or by disabling: Sessions -> RDP -> RDP Global -> Multimedia -> Enable Video Redirection. [VMware Horizon] - The on-insertion feature is only working if the client drive mapping is switched off. In the IGEL Setup Client drive mapping can be found in: Sessions -> RDP -> RDP Global -> Mapping -> Drive mapping -> Enable Drive Mapping ============================================================================= IGEL Universal Desktop OS 2 5.11.290 (private build based on 5.11.280) ============================================================================= ============================================================================= New features: ============================================================================= [Base system] - Added automatic update on shutdown controlled by the new introduced parameter: update.autoupdate_on_shutdown (default: "false"). ============================================================================= Resolved issues: ============================================================================= [Base system] - Fixed buddy update server functionality in devices with little free space on the local storage (e.g. Flash-Card or SSD smaller than 2Gb). If "update.ftpd.provide_deactivated_services" parameter is set to "false" (default: "true") then the buddy update server doesn't provide deactivated partitions. [X server] - Fixed VIA driver for VX900 based devices. VX855/800 devices fallback automatically to the VIA fallback driver since the new driver does not support these devices reliably enough at the moment. To disable the automatic VX855/800 fallback feature, set "x.drivers.via.fallback_vx855_auto_use = false" (defaults to "true"). [Audio] - Fixed sound output over DisplayPort in IGEL UD devices. ============================================================================= IGEL Universal Desktop OS 2 5.11.280 (private build based on 5.11.270) ============================================================================= ============================================================================= New features: ============================================================================= [VMware Horizon] - Updated VMware Horizon Client to version 4.5.0-5650368 Added keys in the IGEL registry to modify the USB-redirection behavior: vmware.view.usb-autoconnect-at-start-up if set to true USB devices are redirected at start-up (i.e. when then Client connects to the desktop) if set to false USB devices are not redirected, but only listed as available in the vmware menubar. [Citrix] - Integrated Citrix Receiver 13.5.0 ============================================================================= Resolved issues: ============================================================================= [RDP/IGEL RDP Client 2] - Improved COM Port Mapping: fixed waiting for event character. - Fix printer mapping: a mapped printer is set as default printer inside the session if and only if it is the default printer on the thin client. Before this fix the first mapped printer was set as default printer. [Network] - Improved adoption of hostname from DHCP lease. [WiFi] - Improved WiFi connection establishment in connection with Broadcom chips. [Smartcard] - Fixed Active Directory log on with smart card: in some cases sporadic error messages "Unknown smart card." occurred. [Base system] - Fixed regression from kernel CVE-2017-1000364 fix. ============================================================================= IGEL Universal Desktop OS 2 5.11.270 (private build based on 5.11.260) ============================================================================= [RD Web Access] - Fixed resize of EXCEL columns when published via RD web access. [Base system] - Fixed kernel security issue CVE-2017-1000364. [Driver] - Added support for 3DConnexion SpaceMouse Wireless Pro [X11 system] - Fixed spice desktop could not be shown on VIA devices problem. [X server] - X-Server crash on VIA based hardware fixed. [Audio] - Fixed audio jack detection in IGEL UD2 (D220) ============================================================================= IGEL Universal Desktop OS 2 5.11.260 (private build based on 5.11.240) ============================================================================= New features: ============================================================================= [VMware Horizon] - Updated VMware Horizon Client to version 4.5.0-5650368 [Hardware] - Make Video outputs of Dell Advanced E-PORT II DOCK available in UDC2 (not visible as connector in setup -> use automatic) ============================================================================= Resolved issues: ============================================================================= [VMware Horizon] - Fixed input language synchronization for PCoIP sessions [Firefox] - Updated Flash Player download URL to version 26.0.0.126 [Smartcard] - New version of PC/SC Lite smart card resource manager 1.8.21 - Added parameter scard.pcscd.poweron, default: false If set to true, inserted smart cards will stay powered on. This might help in cases where powering the card after a power off fails. [X11 system] - Fixed not shown desktop on Dell P2217 monitor (now also for DELL P2217H model). - Added registry key x.xserver0.force_reconfig (defaults to false) to force a X reconfiguration. [genucard VPN] - Add german translation for WIFI power error message and disable the message getting shown when no WIFI scan is in progress. Reactivate the internet disconnect button when a VPN connection is established. Set the minimum size of the WIFI connection dropdown to two elements. ============================================================================= IGEL Universal Desktop OS 2 5.11.240 (private build based on 5.11.230) ============================================================================= Resolved issues: ============================================================================= [genucard VPN] - Fixed running into a too short timeout during rekeying and displaying an incorrect message about the rekeying result. [Smartcard] - Enhanced IGEL Smartcard to support Remote Desktop Web Access sessions. [Base system] - Security fix for Secure Shadowing: Only accept encryption ciphers with more then 128bit key length (disables AES128). - Added possibility to configure minimal allowed ssh cipher security. New registry keys: * network.ssh_client.minimal_encryption_level (defaults to 128bit) possible range 128bit, 192bit or 256bit * network.ssh_server.minimal_encryption_level (defaults to 128bit) possible range 128bit, 192bit or 256bit [Windowmanager] - Fixed memory leak if taskbar background is an image. ============================================================================= IGEL Universal Desktop OS 2 5.11.230 (private build based on 5.11.200) ============================================================================= Resolved issues: ============================================================================= [Base system] - Security fix for Secure Shadowing: do not accept weak SSL ciphers anymore. As the RC4 cipher is not accepted anymore, this change fixes Bar Mitzvah attacks (CVE-2015-2808). Due to the higher security demands Secure Shadowing is not anymore supported with Java 6 based UMS version 4.07.xxx and 4.08.xxx. Secure Shadowing is supported with UMS 5 and UMS 4.09.xxx. [Driver] - 3DConnexion SpaceMouse Wireless is now also usable while connected via USB for charging. ============================================================================= IGEL Universal Desktop OS 2 5.11.200 ============================================================================= New features: ============================================================================= [Citrix] - Updated Citrix HDX RTME (Optimization for Skype for Business) to 2.2.100-949 [Parallels Client] - Parallels 2X Client updated to version 15.5.2. Added new setup parameter: "Adaptive RemoteFX (RDP 8.1)" at IGEL Setup -> Sessions -> Parallels Client Sessions -> [session name] -> Experience Registry key: * sessions.twox.experience.remotefx_adaptive (bool, default: true) This parameter enables the "RemoteFX Progressive and H.264 (RDP 8.1) Parallels 2X options" to enhance end-user experience. Added new registry parameter "Use all monitors for Desktop session (if applicable)". Registry key: * sessions.twox.advanced.all_monitor_for_desktop (bool, default:false) This parameter enable the extend to all monitor feature when connection to remote desktops. [NX client] - NoMachine NX Client updated to version 5.2.11 [Firefox] - Updated Flash Player download URL to version 25.0.0.127 [Network] - Port for SSH sessions can be configured now at IGEL Setup -> Sessions -> SSH -> [session name] -> Options Registry key: * sessions.ssh.options.port (int, default: 22) [Smartcard] - Added SecMaker Net iD browser plugin. To enable the feature activate the following paramter: * browser_plugin.secmaker.netid (bool, default: false) [X11 system] - Added registry key x.drivers.intel.use_tear_free (default false) which can be activated to avoid tearing artefacts. [Base system] - It is now possible to upgrade to IGEL Linux 10. For more information, see the particular section in eDocs. - Fixed an issue where the license for an upgrade to IGEL Linux 10 was acciden- tally rejected even though it's valid. Please note, that any device affected by this problem needs to be upgraded to at least firmware version 10.02.100. These devices won't be downgradable below firmware version 10.02.100!! - Added support for special UDC2/UDC3 upgrade license. Please note, that any device equipped with this license needs to be upgraded to at least firmware version 10.02.100. Moreover, these devices won't be downgradable below firmware version 10.02.100!! [TC Setup (Java)] - Added "IGEL Linux 10 Upgrade" session configuration to IGEL Setup -> Acces- sories. ============================================================================= Resolved issues: ============================================================================= [RDP/IGEL RDP Client 2] - RDP multimonitor sessions can now be configured dynamically via the "Display Switch". - Fixed automatic reconnect while serial port and printer mapping are active. - Fixed RDP desktop scaling setting so that the server side desktop scaling setting takes precedence when the TC desktop scaling setting is set to 100%. - Fixed termination of RDP client with active DriveLock channel. Before this fix the process vddlockrdp consumed full CPU power after a session was terminated. [Firefox] - Fixed case where once used preset proxy credentials remain valid in the browser profile even if current settings like in local logon mode require the actual user to be used and not the old preset. [Network] - Fixed mounting of windows drives in the network drives menu. - Enabled UDC installed devices to act as gateway for waking up the devices in the internal net via WakeOnLAN. [WiFi] - New registry keys: * network.interfaces.wirelesslan.device0.wpa.passphrase_crypt_password * network.interfaces.wirelesslan.device0.alt_ssid%.wpa.passphrase_crypt_password These are used for storing encrypted WPA Personal passphrases. The keys with- out '_crypt_password' suffix, that have stored cleartext passphrases, still exists to preserve compatibility with older UMS versions. New software will use the new keys and delete values of the old keys, when changes are made. Usage of UMS 5.06.100 or higher is needed. [genucard VPN] - Fixed not being able to open the genucard connector application after it was started during boot time. [Smartcard] - Fixed detection of smart card readers (e.g. Kobil mIDentity) to be useable with DATEV Sicherheitspaket V4.3 and DATEV Sicherheitspaket compact V3.2 within RDP sessions. - Fixed reading Gemalto IDPrime smart cards with IDGo800 User Tool inside Citrix ICA sessions. [Base system] - Fixed in-session control bar positioning for single screen sessions on second monitor of multi monitor setups. - New registry key: * custom_partition.%source.crypt_password This is used for storing an encrypted password regarding the download of custom partitions. The key without 'crypt_' prefix, that have stored clear- text password, still exist to preserve compatibility with older UMS versions. New software will use the new key and delete value of the old key, when changes are made. Usage of UMS 5.06.100 or higher is needed. - The total uptime of the device is now migrated to IGEL Linux 10 after upgrad- ing the firmware. [TC Setup (Java)] - Reworked parameter "IGEL Setup -> System -> Firmware Update -> Retry automatic upgrade to IGEL Linux 10 despite of upgrade failure". This parameter is not dependent on "Automatic Update Check" anymore and hence has been renamed to "Retry upgrade to IGEL Linux 10 despite of upgrade failure". Conversely, this parameter is now dependent on "Allow firmware upgrade to IGEL Linux 10". [Remote Management] - Fixed a bug where messages from the UMS occasionally disappeared and were not visible in an active fullscreen session. [X11 system] - Fixed monitor configuration on older Nvidia graphic cards like Geforce 9300 LE. - Fixed non-working dual view DVI + DP for HP t610. - Fixed non-working DisplayPort on HP t5745. - Fixed non-working VGA screen for DELL WYSE D50D. - Fixed mouse cursor hangs and chops on Zotac ZBox-CI323NANO-BE. [Misc] - Fixed starting methods of accessory CLX.Giromat.