Summary: | <net-misc/x2goserver-4.0.1.12: privilege escalation (CVE-2013-7383) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Bernard Cafarelli <voyageur> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | nx |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.berlios.de/pipermail/x2go-announcement/2014-January/000165.html | ||
Whiteboard: | B1 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Bernard Cafarelli
2014-01-06 12:28:37 UTC
Thanks for the report.

4.0.1.10 fixed the vulnerability but introduced a small bug when session ID strings contained dot characters. So arches please test and mark stable =net-misc/x2goserver-4.0.1.11 instead, thanks!

Another hotfix release (this time for remote printing) came, so I removed the previous stable candidates. Sorry for the noise Arches, new stable target is =net-misc/x2goserver-4.0.1.12

amd64 stable

x86 stable

Vulnerable versions removed from tree

Maintainers and Arches thank you for your work. GLSA Request filed.

This issue was resolved and addressed in GLSA 201405-26 at http://security.gentoo.org/glsa/glsa-201405-26.xml by GLSA coordinator Mikle Kolyada (Zlogene).