[X2Go-Announcement] X2Go Server (4.0.1.10) released

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Fri Jan 3 20:37:41 CET 2014


Dear all,

the X2Go project is proud to announce a new release of the X2Go
component ,,x2goserver''.

This release pulls in all changes that got introduced in our Baikal
LTS release 4.0.0.8, including a severe vulnerability in
x2gocleansessions. Gains of the LTS version 4.0.0.8 of ,,x2goserver''
are:

   o Improve parsing of the NX session.log file. Fix session
     suspending/resuming when in fails in some occasions.
   o Fix severe vulnerability in x2gocleansessions.
   o Sanitize session ID string, port numbers, display numbers
     and agent PID numbers before writing them as strings to the
     session DB.

Please note::: This release fixes a severe vulnerability in X2Go Server
that allowed an attacker with user permissions to gain root access to
the X2Go Server machine. Everyone, please upgrade your X2Go Server
installations.

New gains of the version 4.0.1.10 of ,,x2goserver'' are:

   o Fix x2goresume-session that we broke in 4.0.1.9.
   o Fix the x2goserver-fmbindings Makefile.
   o Allow enabling/disabling of TCP listening of x2goagent.
   o Provide Xsession support for RPM based distribution.

This version of X2Go Server is the first version that we as X2Go upstream
also provide as RPM packages for Fedora [1] and EPEL-5 and EPEL-6 [2].

[1] http://wiki.x2go.org/doku.php/wiki:repositories:fedora
[2] http://wiki.x2go.org/doku.php/wiki:repositories:epel


X2Go Component: x2goserver
Version: 4.0.1.10
Status: RELEASE
Date: Fri, 03 Jan 2014 11:34:36 +0100
Fixes these bug report(s): 354 355
Changes:
  x2goserver (4.0.1.10) RELEASED; urgency=low
  .
    * New upstream version (4.0.1.10):
      - Fix x2goresume-session. The several parameters placed into the  
NX options
        file are expected by x2goresume-session at very specific  
positions. This
        we broke by trying to fix the fullscreen/geometry issue in  
x2gostartagent.
        Thanks to Harvey Eneman for tracking this down!!! (Fixes: #355).
      - x2goserver-fmbindings/Makefile: install x2gofm.
      - x2goserver-fmbindings/Makefile: install share/applications and  
share/mime.
      - x2goserver-printing/Makefile: create feature.d directory  
before installing
        files into it.
      - Handle TCP listening of x2goagent in x2goagent.options. (Fixes: #354).
      - Clean up Makefiles, remove commented out lines.
      - Use xkb ruleset 'base' rather than xfree86 as on RHEL systems the
        xfree86 symlink to base ruleset does not exist.
      - Grab systemd service file from Fedora and ship it upstream.
      - Provide RHEL/Fedora support in x2goserver-xsession.
      - Only sanity check for existence of /etc/x2go/Xsession.d on Debian
        (derived) systems.
      - Provide man page for x2goserver.conf.
    * x2goserver.spec:
      + Ship x2goserver.spec (RPM package definitions) in upstream project.
        (Thanks to the Fedora package maintainers). File differs from  
the Fedora
        file already.
      + Add init script for RPM based distro. Taken from the Fedora
        package.
      + Clear (Fedora package) changelog.


Regards,
Mike Gabriel


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.x2go.org/pipermail/x2go-announcements/attachments/20140103/d0b8ffff/attachment.pgp>


More information about the x2go-announcements mailing list