[USN-1142-1] GDM vulnerability
Jamie Strandboge
jamie at canonical.com
Wed Jun 1 20:22:55 UTC 2011
==========================================================================
Ubuntu Security Notice USN-1142-1
June 01, 2011
gdm vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
Summary:
GDM could be made to launch a browser and leak information about the system.
Software Description:
- gdm: GNOME Display Manager
Details:
Henne Vogelsang discovered that under certain PolicyKit configurations, GDM
could be made to launch a browser. A local attacker could exploit this to
gain access to files with the privileges of the gdm user. PolicyKit is not
configured in this manner in Ubuntu by default.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
gdm 2.32.1-0ubuntu3.2
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
CVE-2011-1709
Package Information:
https://launchpad.net/ubuntu/+source/gdm/2.32.1-0ubuntu3.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20110601/db15aeaa/attachment.sig>
More information about the ubuntu-security-announce
mailing list