USN-610-1: LTSP vulnerability
6 May 2008
LTSP vulnerability
Releases
Packages
- ltsp -
Details
Christian Herzog discovered that it was possible to connect to any
LTSP client's X session over the network. A remote attacker could
eavesdrop on X events, read window contents, and record keystrokes,
possibly gaining access to private information.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 7.10
Ubuntu 7.04
Ubuntu 6.06
After a standard system upgrade you need to update your LTSP client chroots
to effect the necessary changes. For more details, please see:
http://doc.ubuntu.com/edubuntu/edubuntu/handbook/C/ltsp-updates.html#id531224