Dear all,
the X2Go project is proud to announce a new LTS release of the X2Go component "x2goserver".
Please note: This release fixes a severe vulnerability in X2Go Server that allowed an attacker with user permissions in previous versions of X2Go Server to gain root access to the X2Go Server machine. We highly recommend that everyone upgrade their X2Go Server installations.
Improvements in this LTS version of "x2goserver" are:
o Improve parsing of the NX session.log file. Fix session
  suspending/resuming when it fails on some occasions.
o Fix severe vulnerability in x2gocleansessions.
o Sanitize session ID string, port numbers, display numbers
  and agent PID numbers before writing them as strings to the
  session DB.
X2Go Component: x2goserver
Version: 4.0.0.8
Status: RELEASE
Date: Fri, 03 Jan 2014 11:30:54 +0100
Fixes these bug report(s): 347 356
Changes:
x2goserver (4.0.0.8) RELEASED; urgency=low
.
* New upstream version (4.0.0.8):
  - Use mktemp instead of tempfile (because Fedora does not have the tempfile
    binary). (Fixes: #347).
  - Replace makepasswd by pwgen (because Fedora does not have makepasswd).
  - Improve parsing of the NX session.log file where unexpected extra logging
    takes place during session suspension/resumption. Thanks to Gerald Richter
    for finding this!!! (Fixes: #356).
  - Avoid one argument system calls and backticks in x2gocleansessions and
    x2golistsessions_root.
  - Avoid one argument system calls and backticks in x2golistsessions.
  - Avoid one argument system calls and backticks in x2goprint.
  - Avoid backticks in x2goshowblocks, move script to <prefix>/sbin/ as it is
    for being run with root privileges.
  - Sanitize session ID string, port numbers, display numbers and agent PID
    numbers before writing them as strings to the session DB.
Regards, Mike Gabriel
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
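
The two hardening items in the changelog above (list-form process calls instead of one-argument system calls and backticks, and validating session values before they are stored), shown as an added Perl example that is not x2goserver code. The value formats, the numeric bounds and the helper names sanitize_sid, sanitize_num and run_capture are assumptions made for illustration.

```perl
# Added illustration; not code from x2goserver.
use strict;
use warnings;

# Assumed formats (not taken from the release notes): session IDs limited to
# letters, digits, '_', '-', '.'; ports, displays and PIDs are plain decimals.
sub sanitize_sid {
    my ($sid) = @_;
    return undef unless defined $sid;
    return $sid =~ /\A([A-Za-z0-9_.\-]{1,128})\z/ ? $1 : undef;
}

sub sanitize_num {
    my ($n, $max) = @_;
    return undef unless defined $n && $n =~ /\A([0-9]{1,10})\z/;
    return $1 <= $max ? $1 + 0 : undef;
}

# List-form pipe open: the child is exec'ed directly, no /bin/sh parses the
# arguments, so metacharacters in a value stay inside one argv element.
sub run_capture {
    my @cmd = @_;
    open(my $fh, '-|', @cmd) or die "cannot run $cmd[0]: $!";
    local $/;
    my $out = <$fh>;
    close($fh);
    return $out;
}

# Constructed sample values, as they might arrive from an untrusted caller.
my @samples = (
    [ 'alice-50-1388745054_stDGNOME_dp24', '30001', '50', '4242' ],
    [ 'alice-50; echo injected #',         '30001', '50', '4242' ],
    [ 'alice-51-1388745060_stDGNOME_dp24', '30001', '50', '42$(id)' ],
);

for my $s (@samples) {
    my $sid  = sanitize_sid($s->[0]);
    my $port = sanitize_num($s->[1], 65535);     # assumed upper bound
    my $disp = sanitize_num($s->[2], 65535);     # assumed upper bound
    my $pid  = sanitize_num($s->[3], 4194304);   # assumed upper bound
    if (grep { !defined } $sid, $port, $disp, $pid) {
        print "rejected: [$s->[0]] pid=[$s->[3]]\n";
        next;
    }
    # Unsafe pattern the changelog removes: `echo $sid` or system("echo $sid")
    print run_capture('echo', 'stored:', $sid, $port, $disp, $pid);
}
```

Only the first sample passes validation and reaches the child process; the other two are rejected before any command is built.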