Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 21: 2015-16024 Critical Bug In Xpra Local Access

fedora
Calendar Grey September 26, 2015
Dist Fedora Esm H88
This patch resolves an important vulnerability in the xpra configuration, granting local users permission to utilize virtual screens. Further information enclosed.
This update fixes a critical bug with the Xdummy setup which allows local users to access the virtual display used for the xpra sessions

Summary

Xpra is "screen for X": it allows you to run X programs, usually on a remote

host, direct their display to your local machine, and then to disconnect from

these programs and reconnect from the same or another machine, without losing

any state. It gives you remote access to individual applications.

Xpra is "rootless" or "seamless": programs you run under it show up on your

desktop as regular programs, managed by your regular window manager.

Sessions can be accessed over SSH, or password protected over plain TCP sockets.

Xpra is usable over reasonably slow links and does its best to adapt to changing

network bandwidth constraints.

Update Information:

This update fixes a critical bug with the Xdummy setup which allows local usersto access the virtual display used for the xpra sessions. xpra-0.15.6-1.fc21 - Update to 0.15.6 xpra-0.15.6-1.fc22 - Update to 0.15.6 xpra-0.15.6-1.fc23 - Update to 0.15.6

Topics%20covered

Topics Covered

security advisory fedora critical bug fix local access xpra display access

Change Log

References

Fedora Update Notification FEDORA-2015-16024 2015-09-26 17:32:07.294050
Name : xpra Product : Fedora 21 Version : 0.15.6 Release : 1.fc21 URL : https://github.com/Xpra-org/xpra/ Summary : Remote display server for applications and desktops Description : Xpra is "screen for X": it allows you to run X programs, usually on a remote host, direct their display to your local machine, and then to disconnect from these programs and reconnect from the same or another machine, without losing any state. It gives you remote access to individual applications.
Xpra is "rootless" or "seamless": programs you run under it show up on your desktop as regular programs, managed by your regular window manager. Sessions can be accessed over SSH, or password protected over plain TCP sockets. Xpra is usable over reasonably slow links and does its best to adapt to changing network bandwidth constraints.

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xpra' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xpra
Product: Fedora 21
Version: 0.15.6
Release: 1.fc21
URL: https://github.com/Xpra-org/xpra/
Summary: Remote display server for applications and desktops

Topics%20covered

Topics Covered

security advisory fedora critical bug fix local access xpra display access

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here