[USN-1142-1] GDM vulnerability

Jamie Strandboge jamie at canonical.com
Wed Jun 1 20:22:55 UTC 2011

Ubuntu Security Notice USN-1142-1
June 01, 2011

gdm vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04


GDM could be made to launch a browser and leak information about the system.

Software Description:
- gdm: GNOME Display Manager


Henne Vogelsang discovered that under certain PolicyKit configurations, GDM
could be made to launch a browser. A local attacker could exploit this to
gain access to files with the privileges of the gdm user. PolicyKit is not
configured in this manner in Ubuntu by default.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  gdm                             2.32.1-0ubuntu3.2

After a standard system update you need to reboot your computer to make
all the necessary changes.


Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20110601/db15aeaa/attachment.pgp>

More information about the ubuntu-security-announce mailing list