USN-610-1: LTSP vulnerability

Publication date

6 May 2008

Overview

LTSP vulnerability


Packages

Details

Christian Herzog discovered that it was possible to connect to any
LTSP client’s X session over the network. A remote attacker could
eavesdrop on X events, read window contents, and record keystrokes,
possibly gaining access to private information.

Christian Herzog discovered that it was possible to connect to any
LTSP client’s X session over the network. A remote attacker could
eavesdrop on X events, read window contents, and record keystrokes,
possibly gaining access to private information.

Update instructions

After a standard system upgrade you need to update your LTSP client chroots to effect the necessary changes. For more details, please see: http://doc.ubuntu.com/edubuntu/edubuntu/handbook/C/ltsp-updates.html#id531224

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
7.10 gutsy ldm –  5.0.39.1
7.04 feisty ldm –  5.0.7.1
6.06 dapper ldm –  0.87.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›