Mageia alert MGASA-2014-0111 (x2goserver)
From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2014-0111: Updated x2goserver package fixes security vulnerability
Date: Sat, 1 Mar 2014 23:55:09 +0100
Message-ID: <20140301225509.472F34854C@valstar.mageia.org>

MGASA-2014-0111 - Updated x2goserver package fixes security vulnerability

Publication date: 01 Mar 2014
URL: http://advisories.mageia.org/MGASA-2014-0111.html
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-4376

Description:
x2goserver before 4.0.0.2 has a vulnerability in the setgid wrapper
x2gosqlitewrapper.c, which does not hardcode an internal path to
x2gosqlitewrapper.pl, allowing a remote attacker to change that path. A
remote attacker may be able to execute arbitrary code with the privileges
of the user running the server process (CVE-2013-4376).

A vulnerability in x2gocleansessions in x2goserver before 4.0.0.8 has also
been fixed.

References:
- https://bugs.mageia.org/show_bug.cgi?id=11557
- https://lists.berlios.de/pipermail/x2go-announcement/2013...
- http://www.gentoo.org/security/en/glsa/glsa-201310-19.xml
- https://lists.fedoraproject.org/pipermail/package-announc...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4376

SRPMS:
- 3/core/x2goserver-4.0.1.13-1.mga3
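
The pattern the description points to, a set-id wrapper that takes its target from a build-time constant and verifies it before executing it, is sketched below as an added example; it is not the x2goserver source or the upstream patch. The install path is a placeholder, and the names target_is_trusted and check_scratch_file are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Placeholder install path (assumption), fixed at build time. It is never
 * derived from argv[0], the environment or the current directory. */
#define WRAPPED_SCRIPT "/PLACEHOLDER/libdir/x2gosqlitewrapper.pl"

/* Return 0 only if path is absolute, a regular file (symlinks rejected),
 * owned by trusted_owner and not writable by group or others. */
int target_is_trusted(const char *path, uid_t trusted_owner)
{
    struct stat st;

    if (path == NULL || path[0] != '/')
        return -1;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    if (st.st_uid != trusted_owner || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return -1;
    return 0;
}

/* Constructed self-check: create a scratch file with the given mode and
 * report what target_is_trusted() says about it. */
int check_scratch_file(mode_t mode)
{
    char tmpl[] = "/tmp/wrapper-demo-XXXXXX";
    int fd = mkstemp(tmpl), rc;

    if (fd < 0)
        return -2;
    fchmod(fd, mode);
    rc = target_is_trusted(tmpl, geteuid());
    close(fd);
    unlink(tmpl);
    return rc;
}

int main(int argc, char **argv)
{
    /* Fixed minimal environment: nothing inherited from the caller. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

    if (argc < 1 || target_is_trusted(WRAPPED_SCRIPT, 0) != 0)
        return EXIT_FAILURE;
    execve(WRAPPED_SCRIPT, argv, clean_env);
    return EXIT_FAILURE; /* only reached if execve failed */
}
```

The ownership check is only meaningful when every directory above the script is also writable by root alone; otherwise the file can be swapped between the lstat() and the execve().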