x2go-dev

x2go-dev@lists.x2go.org

5399 discussions

CVE-2013-7261: (fwd:) root exploit in X2Go Server
by Mike Gabriel 04 Jan '14

04 Jan '14

Hi all, I have been noticed about a root exploit in X2Go Server code. This vulnerability has been (hopefully) fixed in X2Go Server 4.0.1.10 (and in the LTS release branch 4.0.0.8). This issue has now been a CVE ID to. Please see below. All distributors of X2Go Server, please provide package upgrades to your distribution. Thanks+Greets, Mike ----- Weitergeleitete Nachricht von cve-assign(a)mitre.org ----- Datum: Sat, 4 Jan 2014 11:23:29 -0500 (EST) Von: cve-assign(a)mitre.org Betreff: Re: root exploit in X2Go Server An: mike.gabriel(a)das-netzwerkteam.de Cc: cve-assign(a)mitre.org > this is to request or a CVE-ID. We have been reported and we have > fixed a root exploit in X2Go Server. > > In versions of X2Go Server previous to 4.0.0.8 (LTS release branch) > and previous to 4.0.1.10 (main release branch) a normal user could > gain root access to X2Go Server machines. > > The vulnerability has been fixed by these commits > > http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=c2036a1152a7e57… > http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=80ff6997550749a… Use CVE-2013-7261 for this issue involving root access through the use of shell metacharacters. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] ----- Ende der weitergeleiteten Nachricht ----- -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…

1 0

Bug#391: X2Go issue (in src:x2goserver) has been marked as pending for release
by Mike Gabriel 04 Jan '14

04 Jan '14

tag #391 pending fixed #391 4.0.1.11 thanks Hello, X2Go issue #391 (src:x2goserver) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at: http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=0b67dd2 The issue will most likely be fixed in src:x2goserver (4.0.1.11). light+love X2Go Git Admin (on behalf of the sender of this mail) --- commit 0b67dd24d737a1a13d83b9ebe1d429480a754fba Author: Mike Gabriel <mike.gabriel(a)das-netzwerkteam.de> Date: Sat Jan 4 11:46:29 2014 +0100 Fix x2gofm.desktop syntax. (Fixes: #391). x2goserver.spec: Enhance requirement of desktop-file-utils, validate x2gofm.desktop during package build. diff --git a/debian/changelog b/debian/changelog index 7e03fa5..e5869f4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,10 @@ x2goserver (4.0.1.11-0x2go1) UNRELEASED; urgency=low - * Continue development on stable branch of X2Go Server... + * New upstream version (4.0.1.11): + - Fix x2gofm.desktop syntax. (Fixes: #391). + * x2goserver.spec: + - Enhance requirement of desktop-file-utils, validate x2gofm.desktop + during package build. -- Mike Gabriel <mike.gabriel(a)das-netzwerkteam.de> Sat, 04 Jan 2014 11:29:35 +0100

2 1

Error x2go
by Dario Zarama 04 Jan '14

04 Jan '14

goodnight I have this problem when running the plugin in ubuntu 12.04 lts x2go, also have the same problem intentanto accessed from windows8 please help with this problem thank you very much att: Dario Fernando Zarama Rivadeneira

2 1

Bug#391: Need trailing ; in MimeType in desktop file
by Orion Poplawski 03 Jan '14

03 Jan '14

Package: x2goserver Version: 4.0.1.10 Tags: patch This fixes. You also want: in %package fmbindings: BuildRequires: desktop-file-utils Requires(post): desktop-file-utils Requires(postun): desktop-file-utils in %install: desktop-file-validate %{buildroot}%{_datadir}/applications/x2gofm.desktop -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion(a)nwra.com Boulder, CO 80301 http://www.nwra.com

1 0

/usr/share/X11/xkb/keymap.dir
by Orion Poplawski 01 Jan '14

01 Jan '14

As Roderick Johnstone has noted in https://bugzilla.redhat.com/show_bug.cgi?id=1033876, the NX code appears to require a keymap.dir file to locate a keymap directory (see NXVerifyXkbBaseDirectory in nx-libs-3.5.0.21/nx-X11/programs/Xserver/xkb/ddxLoad.c). This is no longer required by even RHEL6 xorg code and so is not provided there or in Fedora. So it looks like I'm going to need to have the Fedora nxagent rpm provide /usr/share/X11/xkb/keymap.dir. Does this seem correct? -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA/CoRA Division FAX: 303-415-9702 3380 Mitchell Lane orion(a)cora.nwra.com Boulder, CO 80301 http://www.cora.nwra.com

1 0

Info for X2Go Android Client developers
by Stefan Baur 01 Jan '14

01 Jan '14

Hi, I haven't really checked this out myself, but a friend pointed me at http://theqvd.com/blog/qvd-client-for-android-1-0-release According to him, this is also some kind of NoMachine NX fork, their code is available under GPL, and they have a working (though still Beta) Android client. Maybe it's possible to use their code as a basis for an X2Go Android Client? -Stefan

1 0

Bug#390: Provide meta packages x2goserver-<desktopshell>
by Mike Gabriel 30 Dec '13

30 Dec '13

Package: x2goserver Version: 4.0.1.10 Severity: wishlist Tag: deb-packages Tag: rpm-packages Provide meta packages that pull in all recommended/required packages for specific desktop shells (e.g. x2goserver-gnome2, x2goserver-lxde, etc.). Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…

1 0

Bug#388: New wiki account for Schlomo Schapiro
by Mike Gabriel 30 Dec '13

30 Dec '13

Control: close -1 Hi Schlomo, On Mo 30 Dez 2013 14:36:55 CET, Schlomo Schapiro wrote: > Package: wiki.x2go.org > > Please create a wiki account for me. > > First name: > Schlomo > L > ast name: > Schapiro > Account name: > schlomo > GPG-Fingerprint: BC41 11AB 3732 C5AA 28C6 31B1 9177 12AC 9E62 229E The account has just been created. You should have received your credentials in a separate encrypted mail. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…

1 0

Bug#389: Spelling/English language syntax patches to x2goclient
by Stefan Baur 30 Dec '13

30 Dec '13

package: x2goclient severity: normal version: 4.0.1.3 These patches fix some spelling/English language syntax issues in x2goclient. -Stefan

1 0

Bug#387: use dbus-launch to start recent gnome-terminal applications
by Mike Gabriel 30 Dec '13

30 Dec '13

Package: x2goserver Severity: minor Version: 4.0.1.9 TL;DR: when gnome-terminal exits, it takes a while until X2Go Client returns back to the login screen. A fix could be to launch gnome-terminal with dbus-launch. Mike Taken from a private / German e-Mail conversation on that issue... """ >>> * Wenn ich nur eine Terminalverbindung öffne, wie kann ich dann die >>> Sitzung beenden? Wenn ich das Terminal schließe bleibt die Sitzung >>> weiter offen und ich kann in dieser Sitzung auch kein neues Terminal >>> öffnen. >> >> Konsole und GNOME-Terminal ab GNOME v3.8 forken leider beim Start >> direkt in den Hintergrund. Nach einiger Zeit erkennt der >> unterliegende X-Server (x2goagent), dass kein X-Client mehr aktiv >> ist und dann beendet er sich selbst. Diese Wartezeit liegt bei ca. >> 30sec. > In einem kurzen Test auf Ubuntu 13.10 hat "gnome-terminal > --disable-factory" gegen das forken geholfen. Oder der Aufruf mit > "dbus-launch gnome-terminal" :-) > > Etwas mehr Testen hat aber gezeigt, dass das Forken gar nicht das > eigentliche Problem ist sondern der dbus-launch der da noch im > Hintergrund passiert. Der Hält z.B. auch eine SSH Sitzung offen. > Einfacher Test: ssh <remote-host> und mit ~# die Connections > checken. Dann gnome-terminal aufrufen und beenden und nochmal mit ~# > die Connections checken. Bei mir waren dann noch 2 Connections da > die ein netstat -tpn auf dbus-launch zurückführt. > > Vielleicht müsst Ihr einfach das Terminal mit Hilfe von dbus-launch > starten? Ist ja eh korrekter, weil dann die Remote Session einen > eigenen DBus hat. Und wenn das Terminal sich beendet, dann ist auch > der dbus weg. """ -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

x2go-dev