Gentoo Archives: gentoo-announce

From: Mikle Kolyada <zlogene@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201405-26 ] X2Go Server: Privilege Escalation
Date: Mon, 19 May 2014 07:42:00
Message-Id: 5379B658.7020401@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201405-26
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: X2Go Server: Privilege Escalation
9 Date: May 19, 2014
10 Bugs: #497260
11 ID: 201405-26
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 A local privilege escalation vulnerability has been discovered in X2Go
19 Server.
20
21 Background
22 ==========
23
24 X2Go is an open source terminal server project.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 net-misc/x2goserver >= 4.0.1.12 >= 4.0.1.12
33
34 Description
35 ===========
36
37 X2Go Server is prone to a local privilege-escalation vulnerability.
38
39 Impact
40 ======
41
42 A local attacker could gain escalated privileges.
43
44 Workaround
45 ==========
46
47 There is no known workaround at this time.
48
49 Resolution
50 ==========
51
52 All X2Go Server users should upgrade to the latest version:
53
54 # emerge --sync
55 # emerge --ask --oneshot --verbose ">=net-misc/x2goserver-4.0.1.12"
56
57 References
58 ==========
59
60 [ 1 ] CVE-2013-7383
61 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7383
62
63 Availability
64 ============
65
66 This GLSA and any updates to it are available for viewing at
67 the Gentoo Security Website:
68
69 http://security.gentoo.org/glsa/glsa-201405-26.xml
70
71 Concerns?
72 =========
73
74 Security is a primary focus of Gentoo Linux and ensuring the
75 confidentiality and security of our users' machines is of utmost
76 importance to us. Any security concerns should be addressed to
77 security@g.o or alternatively, you may file a bug at
78 https://bugs.gentoo.org.
79
80 License
81 =======
82
83 Copyright 2014 Gentoo Foundation, Inc; referenced text
84 belongs to its owner(s).
85
86 The contents of this document are licensed under the
87 Creative Commons - Attribution / Share Alike license.
88
89 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature