Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Fedora 22: FEDORA-2015-16023 Critical: Xpra Local Access Bug

fedora
Calendar Grey September 27, 2015
Dist Fedora Esm H88
This patch addresses a critical vulnerability permitting remote access to vnc sessions on Ubuntu, bolstering protection.
This update fixes a critical bug with the Xdummy setup which allows local users to access the virtual display used for the xpra sessions

Summary

Xpra is "screen for X": it allows you to run X programs, usually on a remote

host, direct their display to your local machine, and then to disconnect from

these programs and reconnect from the same or another machine, without losing

any state. It gives you remote access to individual applications.

Xpra is "rootless" or "seamless": programs you run under it show up on your

desktop as regular programs, managed by your regular window manager.

Sessions can be accessed over SSH, or password protected over plain TCP sockets.

Xpra is usable over reasonably slow links and does its best to adapt to changing

network bandwidth constraints.

Update Information:

This update fixes a critical bug with the Xdummy setup which allows local usersto access the virtual display used for the xpra sessions. xpra-0.15.6-1.fc21 - Update to 0.15.6 xpra-0.15.6-1.fc22 - Update to 0.15.6 xpra-0.15.6-1.fc23 - Update to 0.15.6

Topics%20covered

Topics Covered

security advisory fedora critical bug fix local access remote display xpra

Change Log

References

Fedora Update Notification FEDORA-2015-16023 2015-09-27 02:42:34.329117
Name : xpra Product : Fedora 22 Version : 0.15.6 Release : 1.fc22 URL : https://github.com/Xpra-org/xpra/ Summary : Remote display server for applications and desktops Description : Xpra is "screen for X": it allows you to run X programs, usually on a remote host, direct their display to your local machine, and then to disconnect from these programs and reconnect from the same or another machine, without losing any state. It gives you remote access to individual applications.
Xpra is "rootless" or "seamless": programs you run under it show up on your desktop as regular programs, managed by your regular window manager. Sessions can be accessed over SSH, or password protected over plain TCP sockets. Xpra is usable over reasonably slow links and does its best to adapt to changing network bandwidth constraints.

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update xpra' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xpra
Product: Fedora 22
Version: 0.15.6
Release: 1.fc22
URL: https://github.com/Xpra-org/xpra/
Summary: Remote display server for applications and desktops

Topics%20covered

Topics Covered

security advisory fedora critical bug fix local access remote display xpra

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here