Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 27 x2goserver Security Advisory - Critical Network Enhancements

fedora
Calendar Grey March 6, 2018
Dist Fedora Esm H88
The recent Fedora 27 x2goserver update addresses timing safety vulnerabilities and boosts network efficiency by introducing new features.
nx-libs 3.5.0.33: - Don't allow overriding of X.Org Server UNIX sockets via TEMP/NX_TEMP environment variables

Summary

X2Go is a server based computing environment with

- session resuming

- low bandwidth support

- session brokerage support

- client side mass storage mounting support

- audio support

- authentication by smartcard and USB stick

This package contains the main daemon and tools for X2Go server-side session

administrations.

nx-libs 3.5.0.33: - Don't allow overriding of X.Org Server UNIX sockets via

TEMP/NX_TEMP environment variables. Fixes problems on machines that use

pam_tempdir.so. - Fix CVE-2017-2624 (timingsafe_memcmp) by Ulrich Sibiller. -Potentially improve LAN- and WAN-type connection speed settings scenarios.

Includes a regression fix for VPN connections by Simon Matter. - Fix problems in

mate-color-picker and potentially also other applications that make heavy use of

RENDER trapezoids. x2goserver 4.0.1.22: - Fixed overzealous nxagent socket

removal. - Keyboard mapping fixes, including preparation for usage with

Arctica's nx-libs version (not supported in this version of X2Go Server, yet). -Support for Devuan and RT OS full desktop session spawning. - Always use short

host name, don't rely on ${HOSTNAME} variable. Compatibility with non-bash

login shells. - Spawn full desktop sessions with a new dbus user session

instance. - Finnish translation update. - Added support for LXQt full desktop

sessions. - New command: x2golistshadowsessions.

[ 1 ] Bug #1478974 - x2go killed by systemd

https://bugzilla.redhat.com/show_bug.cgi?id=1478974

[ 2 ] Bug #1510900 - nx-libs-3.5.0.33 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1510900

su -c 'dnf upgrade x2goserver' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory fedora critical fix session management network performance nx-libs x2goserver

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 4.0.1.22
Release: 2.fc27
URL: https://wiki.x2go.org/doku.php
Summary: X2Go Server

Topics%20covered

Topics Covered

security advisory fedora critical fix session management network performance nx-libs x2goserver

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here