Ubuntu Security Notice 610-1 - Christian Herzog discovered that it was possible to connect to any LTSP client's X session over the network. A remote attacker could eavesdrop on X events, read window contents, and record keystrokes, possibly gaining access to private information.
cb3abaade449396b06a92dfa2c942915a1d0de11c5182e0be4bee6bc0db93776
Debian Security Advisory 1561-1 - Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host.
7c1b5251834a193362f5581177021f87b6d1a3085067f563d362dd16b8fb66c2