X2Go is an open source terminal server project.
A vulnerability in the setgid wrapper x2gosqlitewrapper.c does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path.
A remote attacker may be able to execute arbitrary code with the privileges of the user running the server process.
There is no known workaround at this time.
All X2Go Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/x2goserver-4.0.0.2"