[prev in list] [next in list] [prev in thread] [next in thread]
List: ubuntu-security-announce
Subject: [USN-1142-1] GDM vulnerability
From: jamie () canonical ! com (Jamie Strandboge)
Date: 2011-06-01 20:22:55
Message-ID: 1306959775.20735.61.camel () localhost
[Download RAW message or body]
==========================================================================
Ubuntu Security Notice USN-1142-1
June 01, 2011
gdm vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
Summary:
GDM could be made to launch a browser and leak information about the system.
Software Description:
- gdm: GNOME Display Manager
Details:
Henne Vogelsang discovered that under certain PolicyKit configurations, GDM
could be made to launch a browser. A local attacker could exploit this to
gain access to files with the privileges of the gdm user. PolicyKit is not
configured in this manner in Ubuntu by default.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
gdm 2.32.1-0ubuntu3.2
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
CVE-2011-1709
Package Information:
https://launchpad.net/ubuntu/+source/gdm/2.32.1-0ubuntu3.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20110601/db15aeaa/attachment.pgp>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic