Mandriva Linux Security Advisory : x2goserver (MDVSA-2014:063)
High Nessus Plugin ID 73067
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated x2goserver package fixes security vulnerability :
A vulnerability in x2goserver before 184.108.40.206 in the setgid wrapper x2gosqlitewrapper.c, which does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path.
A remote attacker may be able to execute arbitrary code with the privileges of the user running the server process (CVE-2013-4376).
A vulnerability in x2goserver before 220.127.116.11 in x2gocleansessions has also been fixed.
SolutionUpdate the affected x2goserver, x2goserver-postgresql and / or x2goserver-sqlite packages.