Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host. NOTE: most ldm installs are likely to be in a chroot environment exported over NFS, and will not be upgraded merely by upgrading the server itself. For example, on the i386 architecture, to upgrade ldm will likely require: chroot /opt/ltsp/i386 apt-get update chroot /opt/ltsp/i386 apt-get dist-upgrade For the stable distribution (etch), this problem has been fixed in version 0.99debian11+etch1. For the unstable distribution (sid), this problem has been fixed in version 2:0.1~bzr20080308-1. We recommend that you upgrade your ldm package.
Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host.
NOTE: most ldm installs are likely to be in a chroot environment exported over NFS, and will not be upgraded merely by upgrading the server itself. For example, on the i386 architecture, to upgrade ldm will likely require:
Vulmon
chroot /opt/ltsp/i386 apt-get update
chroot /opt/ltsp/i386 apt-get dist-upgrade
For the stable distribution (etch), this problem has been fixed in version 0.99debian11+etch4.
For the unstable distribution (sid), this problem has been fixed in version 2:0.1~bzr20080308-1.
We recommend that you upgrade your ldm package.
MD5 checksums of the listed files are available in the original advisory.