USN-610-1: LTSP vulnerability
===========================================================
Ubuntu Security Notice USN-610-1 May 06, 2008
ltsp vulnerability
CVE-2008-1293
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  ldm 0.87.1

Ubuntu 7.04:
  ldm 5.0.7.1

Ubuntu 7.10:
  ldm 5.0.39.1

After a standard system upgrade you need to update your LTSP client chroots
to effect the necessary changes. For more details, please see:
http://doc.ubuntu.com/edubuntu/edubuntu/handbook/C/ltsp-updates.html#id531224

Details follow:

Christian Herzog discovered that it was possible to connect to any
LTSP client's X session over the network. A remote attacker could
eavesdrop on X events, read window contents, and record keystrokes,
possibly gaining access to private information.
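
Because the fix only takes effect once the client chroots are updated, the following added example (not part of the original advisory and not Ubuntu's code) reads the dpkg status database inside a chroot and compares its ldm version with the fixed versions listed above. The chroot path and release are supplied by the operator, the function names are hypothetical, and versions are assumed to be plain dotted numbers as printed in this advisory; anything else is rejected rather than guessed.

```python
import re
import sys
from pathlib import Path

# Fixed ldm versions per Ubuntu release, copied from this advisory.
FIXED = {"6.06": "0.87.1", "7.04": "5.0.7.1", "7.10": "5.0.39.1"}


def installed_version(root, package="ldm"):
    """Return the package's Version from <root>/var/lib/dpkg/status, or None."""
    text = Path(root, "var/lib/dpkg/status").read_text(errors="replace")
    for stanza in text.split("\n\n"):
        # Keep "Field: value" lines only; continuation lines start with whitespace.
        fields = dict(
            line.split(": ", 1)
            for line in stanza.splitlines()
            if ": " in line and not line[0].isspace()
        )
        # "install ok installed" counts; "deinstall ok config-files" does not.
        if fields.get("Package") == package and fields.get("Status", "").endswith(" installed"):
            return fields.get("Version")
    return None


def as_tuple(version):
    """Parse a plain dotted-numeric version; refuse anything else rather than guess."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"cannot compare version {version!r}; use dpkg --compare-versions")
    return tuple(int(part) for part in version.split("."))


def check_chroot(root, release):
    """Return (state, version) for ldm inside the client chroot at `root`."""
    found = installed_version(root)
    if found is None:
        return ("not-installed", None)
    state = "fixed" if as_tuple(found) >= as_tuple(FIXED[release]) else "needs-update"
    return (state, found)


if __name__ == "__main__":
    # Usage: script.py <chroot-path> <release>; both are supplied by the operator.
    print(check_chroot(sys.argv[1], sys.argv[2]))
```

A "needs-update" result for a chroot on an already upgraded server means the chroot update step referenced above has not been carried out yet.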



