Bug 230147

Summary:	net-misc/nxnode, net-misc/nx: multiple vulnerabilities in X server extensions
Product:	Gentoo Security	Reporter:	Bernard Cafarelli <voyageur>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	nx
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.nomachine.com/news-read.php?idnews=240
Whiteboard:	B2 [glsa]
Package list:		Runtime testing required:	---

Description Bernard Cafarelli gentoo-dev

2008-06-30 09:02:40 UTC

"ROME, Italy, June 25, 2008 - NoMachine releases the third maintenance release of NX Node 3.2.0. The new packages provide updated versions of the nx-X11 and nxagent components including patches which solve the issues reported by X.Org security advisory, June 11th, 2008:

http://lists.freedesktop.org/archives/xorg/2008-June/036026.html

Although in NX these vulnerabilities cannot lead to privilege escalation since the X11 agent never runs as root, we strongly advise all users to upgrade their NX Node packages to the latest version"

Looks like these are the CVEs from bug #225419

I am currently testing new packages for both net-misc/nxnode and net-misc/nx, will need stable keywords on amd64 and x86

Comment 1 Bernard Cafarelli gentoo-dev

2008-06-30 12:48:27 UTC

Packages bumped, need amd64 and x86 stable keywords:
* net-misc/nxnode-3.2.0-r3
* net-misc/nx-3.2.0-r2

Comment 2 Christian Faulhammer (RETIRED) gentoo-dev

2008-07-03 13:47:39 UTC

x86 stable

Comment 3 Markus Meier gentoo-dev

2008-07-06 20:36:32 UTC

amd64 stable, all arches done.

Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-07-06 20:42:22 UTC

glsa request filed.

Comment 5 Robert Buchholz (RETIRED) gentoo-dev

2008-07-09 22:01:32 UTC

GLSA 200807-07