
Linux Terminal Server Project: Multiple vulnerabilities


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200805-07 / ltsp
Release Date: May 09, 2008
Latest Revision: May 09, 2008: 01
Impact: normal
Exploitable: remote

Package: net-misc/ltsp
Vulnerable versions: < 5.0
Unaffected versions: (none listed)
Architecture(s): All supported architectures

Related bugreports: #215699


Multiple vulnerabilities have been discovered in components shipped with LTSP which allow remote attackers to compromise terminal clients.

2.  Impact Information


The Linux Terminal Server Project adds thin-client support to Linux servers.


LTSP version 4.2 ships prebuilt copies of programs such as the Linux Kernel, the X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30), all of which have been subject to multiple security vulnerabilities since 2006. Please note that the given list of vulnerabilities might not be exhaustive.


A remote attacker could possibly exploit vulnerabilities in the aforementioned programs and execute arbitrary code, disclose sensitive data or cause a Denial of Service within LTSP 4.2 clients.

3.  Resolution Information


There is no known workaround at this time.


LTSP 4.2 is no longer maintained upstream, which has moved on to version 5. Since version 5 is not yet available in Gentoo, the package has been masked. We recommend that users unmerge LTSP:

Code Listing 3.1: Resolution

# emerge --unmerge net-misc/ltsp

If you have a requirement for Linux Terminal Servers, please either set up a terminal server by hand or use one of the distributions that have already migrated to LTSP 5. If you want to contribute to the integration of LTSP 5 in Gentoo, or want to follow its development, you can find details in bug 177580.
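To find hosts that still need the unmerge step above, the following added example (not part of the advisory or of Gentoo's tooling) checks a Portage installed-package database for net-misc/ltsp below 5.0. It assumes the standard /var/db/pkg layout and GNU `sort -V`; the function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of GLSA 200805-07): flag installed net-misc/ltsp < 5.0.
# Assumption: Portage records installed packages as directories named
# <category>/<package>-<version> under /var/db/pkg.

# Print the version of every installed net-misc/ltsp entry, one per line.
ltsp_installed_versions() {
    vdb=${1:-/var/db/pkg}
    for dir in "$vdb"/net-misc/ltsp-[0-9]*; do
        [ -d "$dir" ] || continue          # glob matched nothing
        basename "$dir" | sed 's/^ltsp-//'
    done
}

# Succeed when version $1 is below 5.0 (the advisory's vulnerable range).
# The Gentoo revision suffix (-rN) is ignored; _rc/_p suffixes are not handled.
ltsp_is_vulnerable() {
    ver=${1%%-r[0-9]*}
    [ "$ver" != "5.0" ] &&
        [ "$(printf '%s\n5.0\n' "$ver" | sort -V | head -n 1)" = "$ver" ]
}

# Report vulnerable installs under VDB root $1; return 1 if any were found.
ltsp_audit() {
    rc=0
    for v in $(ltsp_installed_versions "$1"); do
        if ltsp_is_vulnerable "$v"; then
            echo "VULNERABLE net-misc/ltsp-$v (GLSA 200805-07): run emerge --unmerge net-misc/ltsp"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample VDB (not real host data) so the example runs anywhere.
demo=$(mktemp -d)
mkdir -p "$demo/net-misc/ltsp-4.2-r1" "$demo/net-misc/ltsp-client-1.0"
ltsp_audit "$demo" || echo "LTSP 4.2 present: unmerge it"
rm -rf "$demo"
```

Calling `ltsp_audit` with no argument checks the running host's /var/db/pkg; pass another root to audit a mounted image or chroot.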

4.  References


Page updated May 09, 2008
