Paketname
x2goserver
Datum
2014-03-17
Advisory ID
MDVSA-2014:063
Betroffene Versionen
MBS1 x86_64

Problembeschreibung

Updated x2goserver package fixes security vulnerability:

A vulnerability in x2goserver before 4.0.0.2 in the setgid wrapper
x2gosqlitewrapper.c, which does not hardcode an internal path to
x2gosqlitewrapper.pl, allowing a remote attacker to change that
path. A remote attacker may be able to execute arbitrary code with
the privileges of the user running the server process (CVE-2013-4376).

A vulnerability in x2goserver before 4.0.0.8 in x2gocleansessions
has also been fixed.

Aktualisierte Pakete

MBS1 x86_64

 eb26c90fdc53040f10c6ad4d3064c7ee  mbs1/x86_64/x2goserver-4.0.1.13-1.mbs1.x86_64.rpm
 b32edf4af4c0aff51dd1591f3f4c3f02  mbs1/x86_64/x2goserver-postgresql-4.0.1.13-1.mbs1.x86_64.rpm
 26a1b81d443ad892848681b11895c28a  mbs1/x86_64/x2goserver-sqlite-4.0.1.13-1.mbs1.x86_64.rpm 
 a1d27787d6e4485a506f546c83700129  mbs1/SRPMS/x2goserver-4.0.1.13-1.mbs1.src.rpm

Referenzen