Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 27: x2goserver Update 2017-60c4aa0e01 Critical Socket Exploit Fix

fedora
Calendar Grey March 6, 2018
Dist Fedora Esm H88
The latest x2goserver update tackles vulnerabilities in socket security as well as improves connection speed performance. This release contains essential patches.
nx-libs 3.5.0.33: - Don't allow overriding of X.Org Server UNIX sockets via TEMP/NX_TEMP environment variables

Summary

X2Go is a server based computing environment with

- session resuming

- low bandwidth support

- session brokerage support

- client side mass storage mounting support

- audio support

- authentication by smartcard and USB stick

This package contains the main daemon and tools for X2Go server-side session

administrations.

nx-libs 3.5.0.33: - Don't allow overriding of X.Org Server UNIX sockets via

TEMP/NX_TEMP environment variables. Fixes problems on machines that use

pam_tempdir.so. - Fix CVE-2017-2624 (timingsafe_memcmp) by Ulrich Sibiller. -Potentially improve LAN- and WAN-type connection speed settings scenarios.

Includes a regression fix for VPN connections by Simon Matter. - Fix problems in

mate-color-picker and potentially also other applications that make heavy use of

RENDER trapezoids. x2goserver 4.0.1.22: - Fixed overzealous nxagent socket

removal. - Keyboard mapping fixes, including preparation for usage with

Arctica's nx-libs version (not supported in this version of X2Go Server, yet). -Support for Devuan and RT OS full desktop session spawning. - Always use short

host name, don't rely on ${HOSTNAME} variable. Compatibility with non-bash

login shells. - Spawn full desktop sessions with a new dbus user session

instance. - Finnish translation update. - Added support for LXQt full desktop

sessions. - New command: x2golistshadowsessions.

[ 1 ] Bug #1478974 - x2go killed by systemd

https://bugzilla.redhat.com/show_bug.cgi?id=1478974

[ 2 ] Bug #1510900 - nx-libs-3.5.0.33 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1510900

su -c 'dnf upgrade x2goserver' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory Fedora patch network exploit connection speed nx-libs x2goserver

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 4.0.1.22
Release: 2.fc27
URL: https://wiki.x2go.org/doku.php
Summary: X2Go Server

Topics%20covered

Topics Covered

security advisory Fedora patch network exploit connection speed nx-libs x2goserver

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here