Fedora 27: 2017-60c4aa0e01 Moderate: nx-libs Timingsafe Memcmp Issue
fedora
March 6, 2018
nx-libs 3.5.0.33: - Don't allow overriding of X.Org Server UNIX sockets via TEMP/NX_TEMP environment variables
Summary
NX is a software suite which implements very efficient compression of
the X11 protocol. This increases performance when using X
applications over a network, especially a slow one.
This package provides the core nx-X11 libraries customized for
nxagent/x2goagent.
nx-libs 3.5.0.33: - Don't allow overriding of X.Org Server UNIX sockets via
TEMP/NX_TEMP environment variables. Fixes problems on machines that use
pam_tempdir.so. - Fix CVE-2017-2624 (timingsafe_memcmp) by Ulrich Sibiller. -Potentially improve LAN- and WAN-type connection speed settings scenarios.
Includes a regression fix for VPN connections by Simon Matter. - Fix problems in
mate-color-picker and potentially also other applications that make heavy use of
RENDER trapezoids. x2goserver 4.0.1.22: - Fixed overzealous nxagent socket
removal. - Keyboard mapping fixes, including preparation for usage with
Arctica's nx-libs version (not supported in this version of X2Go Server, yet). -Support for Devuan and RT OS full desktop session spawning. - Always use short
host name, don't rely on ${HOSTNAME} variable. Compatibility with non-bash
login shells. - Spawn full desktop sessions with a new dbus user session
instance. - Finnish translation update. - Added support for LXQt full desktop
sessions. - New command: x2golistshadowsessions.
[ 1 ] Bug #1478974 - x2go killed by systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1478974
[ 2 ] Bug #1510900 - nx-libs-3.5.0.33 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1510900
su -c 'dnf upgrade nx-libs' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Topics Covered
Change Log
References
Update Instructions
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Product: Fedora 27
Version: 3.5.0.33
Release: 4.fc27
Summary: NX X11 protocol compression libraries
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!