Advisories ยป MGASA-2014-0111

Updated x2goserver package fixes security vulnerability

Publication date: 01 Mar 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4376

Description

A vulnerability in x2goserver before 4.0.0.2 in the setgid wrapper
x2gosqlitewrapper.c, which does not hardcode an internal path to
x2gosqlitewrapper.pl, allowing a remote attacker to change that path.
A remote attacker may be able to execute arbitrary code with the
privileges of the user running the server process (CVE-2013-4376).

A vulnerability in x2goserver before 4.0.0.8 in x2gocleansessions has
also been fixed.
                

References

SRPMS

3/core