drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in lightdm
| Name: |
Mangelnde Rechteprüfung in lightdm |
|
| ID: |
USN-1262-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 11.10 |
|
| Datum: |
Mi, 16. November 2011, 08:06 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4105 |
|
| Applikationen: |
LightDM |
|
Originalnachricht |
--===============8404268804069673000==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-HKLXun80rzx/t1vPb2Iq"
--=-HKLXun80rzx/t1vPb2Iq
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1262-1
November 15, 2011
lightdm vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
Summary:
Several security issues were fixed in Light Display Manager.
Software Description:
- lightdm: Display Manager
Details:
It was discovered that Light Display Manager incorrectly handled privileges
when reading .dmrc files. A local attacker could exploit this issue to read
arbitrary configuration files, bypassing intended permissions.
(CVE-2011-3153)
It was discovered that Light Display Manager incorrectly handled links when
adjusting permissions on .Xauthority files. A local attacker could exploit
this issue to access arbitrary files, and possibly obtain increased
privileges. In the default Ubuntu installation, this would be prevented
by the Yama link restrictions. (CVE-2011-4105)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
liblightdm-gobject-1-0 1.0.6-0ubuntu1.1
liblightdm-qt-1-0 1.0.6-0ubuntu1.1
lightdm 1.0.6-0ubuntu1.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1262-1
CVE-2011-3153, CVE-2011-4105
Package Information:
https://launchpad.net/ubuntu/+source/lightdm/1.0.6-0ubuntu1.1
--ÑKLXun80rzx/t1vPb2Iq
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOwroxAAoJEGVp2FWnRL6T2WYP/jmPwjio496ayUr3aSayiEGz
YoxYTus80/gx/lI88kXq9pDh/fQUGNtqzwEktQCcFbcxdE41aMQ19Q2zytUxNzcU
Xpdf6NcsuWtW1DGQ5qUjBijK13/YyY7PeutZ/wzDwqlrbW7XuqHxWWjLDTpszTyl
A7qVUAY0o4A2rumtteNj/ziJ+hlgGdhuuwh3UhL9Kl3lEA3SHmU19Y1gD9KZ5d/2
uhxExmnmMKUZXA2NR2m6VTBv3X/U+wZqGE8NIKHShCw8YaPg1FLfI59S+7Gl8Bt8
Iu9Rj1+dGgkmpaafanhf+q2K5iV1r8TbnThek8aJWbmduWff+uaMktGXgZIZV8cv
C4RJjOCcNAE2rVLA/GSlrAk0dO3d/u+13utt07nYj2EU9lbI8ZVvSmuM7V93FwUR
gJ9t6Zr4zWAwzzy+zG0sjusvCOlC2Xbw3gBXLp+uRF9GnPilwY01/w6sTfXOwfPK
nYuNXD0E/+5+Rkv5JsQ/VdOEl64Co84QXRtPEJWFA477MF+5+g4tmlvWBOFDWHf7
8j+XrCWpPparpxUC4od8uPayTxlbD69YcD8qO9NTkVAt/a3/1WzvZyWnfkDTfDQl
SrtSw7eotX2cjI3nAiog5AHyzQY4h2JLT7q1+41gH7RYP2g/s0ZYw1nJxa1PNtS8
WVuRgIWNG1TdjFrmulRb
=hm2B
-----END PGP SIGNATURE-----
--=-HKLXun80rzx/t1vPb2Iq--
--===============8404268804069673000==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8404268804069673000==--
|
|
|
|
