Ubuntu Security Notice USN-610-1
6th May, 2008
ltsp vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.10
- Ubuntu 7.04
- Ubuntu 6.06 LTS
Software description
- ltsp
Details
Christian Herzog discovered that it was possible to connect to any
LTSP client's X session over the network. A remote attacker could
eavesdrop on X events, read window contents, and record keystrokes,
possibly gaining access to private information.
Update instructions
The problem can be corrected by updating your system to the following package version:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to update your LTSP client chroots
to effect the necessary changes. For more details, please see:
http://doc.ubuntu.com/edubuntu/edubuntu/handbook/C/ltsp-updates.html#id531224