Updated x2goserver package fixes security vulnerabilityPublication date: 01 Mar 2014
Affected Mageia releases : 3
A vulnerability in x2goserver before 184.108.40.206 in the setgid wrapper x2gosqlitewrapper.c, which does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path. A remote attacker may be able to execute arbitrary code with the privileges of the user running the server process (CVE-2013-4376). A vulnerability in x2goserver before 220.127.116.11 in x2gocleansessions has also been fixed.