Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200805-07 ] Linux Terminal Server Project: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2663

PostPosted: Fri May 09, 2008 3:26 pm    Post subject: [ GLSA 200805-07 ] Linux Terminal Server Project: Multiple v Reply with quote

Gentoo Linux Security Advisory

Title: Linux Terminal Server Project: Multiple vulnerabilities (GLSA 200805-07)
Severity: normal
Exploitable: remote
Date: May 09, 2008
Bug(s): #215699
ID: 200805-07

Synopsis


Multiple vulnerabilities have been discovered in components shipped with
LTSP which allow remote attackers to compromise terminal clients.


Background


The Linux Terminal Server Project adds thin-client support to Linux
servers.


Affected Packages

Package: net-misc/ltsp
Vulnerable: < 5.0
Architectures: All supported architectures


Description


LTSP version 4.2, ships prebuilt copies of programs such as the Linux
Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA
200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA
200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30)
which were subject to multiple security vulnerabilities since 2006.
Please note that the given list of vulnerabilities might not be
exhaustive.


Impact


A remote attacker could possibly exploit vulnerabilities in the
aforementioned programs and execute arbitrary code, disclose sensitive
data or cause a Denial of Service within LTSP 4.2 clients.


Workaround


There is no known workaround at this time.


Resolution


LTSP 4.2 is not maintained upstream in favor of version 5. Since
version 5 is not yet available in Gentoo, the package has been masked.
We recommend that users unmerge LTSP:
Code:
# emerge --unmerge net-misc/ltsp

If you have a requirement for Linux Terminal Servers, please either set
up a terminal server by hand or use one of the distributions that
already migrated to LTSP 5. If you want to contribute to the
integration of LTSP 5 in Gentoo, or want to follow its development,
find details in bug 177580.


References

GLSA 200705-02
GLSA 200705-06
GLSA 200705-22
GLSA 200705-24
GLSA 200710-06
GLSA 200710-16
GLSA 200710-30
GLSA 200711-08
GLSA 200801-09
Gentoo bug 177580: Port LTSP 5 to Gentoo


Last edited by GLSA on Mon Jun 10, 2013 4:28 am; edited 3 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum