Advisories ยป MGASA-2014-0111

Updated x2goserver package fixes security vulnerability

Publication date: 01 Mar 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4376


A vulnerability in x2goserver before in the setgid wrapper
x2gosqlitewrapper.c, which does not hardcode an internal path to, allowing a remote attacker to change that path.
A remote attacker may be able to execute arbitrary code with the
privileges of the user running the server process (CVE-2013-4376).

A vulnerability in x2goserver before in x2gocleansessions has
also been fixed.