
Linux Terminal Server Project: Multiple vulnerabilities

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200805-07 / ltsp
Release Date: May 09, 2008
Latest Revision: May 09, 2008: 01
Impact: normal
Exploitable: remote

Package: net-misc/ltsp
Vulnerable versions: < 5.0
Unaffected versions: (none listed)
Architecture(s): All supported architectures

Related bugreports: #215699

Synopsis

Multiple vulnerabilities have been discovered in components shipped with LTSP which allow remote attackers to compromise terminal clients.

2.  Impact Information

Background

The Linux Terminal Server Project adds thin-client support to Linux servers.

Description

LTSP version 4.2 ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30), which have been subject to multiple security vulnerabilities since 2006. Please note that the given list of vulnerabilities might not be exhaustive.

Impact

A remote attacker could possibly exploit vulnerabilities in the aforementioned programs and execute arbitrary code, disclose sensitive data or cause a Denial of Service within LTSP 4.2 clients.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

LTSP 4.2 is not maintained upstream in favor of version 5. Since version 5 is not yet available in Gentoo, the package has been masked. We recommend that users unmerge LTSP:

Code Listing 3.1: Resolution

# emerge --unmerge net-misc/ltsp

If you have a requirement for Linux Terminal Servers, please either set up a terminal server by hand or use one of the distributions that have already migrated to LTSP 5. If you want to contribute to the integration of LTSP 5 in Gentoo, or want to follow its development, find details in bug 177580.
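
For checking hosts against this advisory, the following added example (not part of the advisory or of Gentoo's tooling) lists installed net-misc/ltsp versions below 5.0 by reading the Portage installed-package database. The function name, the `scan` argument and the `/var/db/pkg` default are assumptions of the example, and only the first version component is compared.

```shell
#!/bin/sh
# Added example: list installed net-misc/ltsp versions matched by the
# advisory's "< 5.0" range by reading the Portage installed-package database.
# Assumption: the database uses the <root>/<category>/<name>-<version> layout
# (normally /var/db/pkg). Simplification: only the first version component is
# compared, so pre-release suffixes of 5.0 itself are not evaluated.

# Prints one affected version per line.
# Returns 0 if at least one affected version is installed, 1 otherwise.
ltsp_vulnerable_versions() {
    vdb_root=${1:-/var/db/pkg}
    found=1
    for dir in "$vdb_root"/net-misc/ltsp-[0-9]*; do
        [ -d "$dir" ] || continue          # glob matched nothing
        version=${dir##*/ltsp-}            # e.g. 4.2-r1
        major=${version%%[!0-9]*}          # leading digits only
        [ -n "$major" ] || continue
        if [ "$major" -lt 5 ]; then
            printf '%s\n' "$version"
            found=0
        fi
    done
    return "$found"
}

# Scan a package database only when invoked as: script scan [vdb_root]
if [ "${1:-}" = "scan" ]; then
    if versions=$(ltsp_vulnerable_versions "${2:-/var/db/pkg}"); then
        echo "net-misc/ltsp affected by GLSA 200805-07: $versions"
        echo "Resolution from the advisory: emerge --unmerge net-misc/ltsp"
        exit 2
    fi
    echo "net-misc/ltsp < 5.0 is not installed"
fi
```

In `scan` mode the script exits with status 2 when an affected version is present, so it can be used as a check in host inventory or configuration-management runs.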

4.  References




Page updated May 09, 2008

Summary: This is a Gentoo Linux Security Advisory

Security Team

Copyright 2001-2014 Gentoo Foundation, Inc.