drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in lightdm
Name: |
Mangelnde Rechteprüfung in lightdm |
|
ID: |
USN-1262-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 11.10 |
|
Datum: |
Mi, 16. November 2011, 08:06 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4105 |
|
Applikationen: |
LightDM |
|
Originalnachricht |
--===============8404268804069673000== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-HKLXun80rzx/t1vPb2Iq"
--=-HKLXun80rzx/t1vPb2Iq Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1262-1 November 15, 2011
lightdm vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
Summary:
Several security issues were fixed in Light Display Manager.
Software Description: - lightdm: Display Manager
Details:
It was discovered that Light Display Manager incorrectly handled privileges when reading .dmrc files. A local attacker could exploit this issue to read arbitrary configuration files, bypassing intended permissions. (CVE-2011-3153)
It was discovered that Light Display Manager incorrectly handled links when adjusting permissions on .Xauthority files. A local attacker could exploit this issue to access arbitrary files, and possibly obtain increased privileges. In the default Ubuntu installation, this would be prevented by the Yama link restrictions. (CVE-2011-4105)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: liblightdm-gobject-1-0 1.0.6-0ubuntu1.1 liblightdm-qt-1-0 1.0.6-0ubuntu1.1 lightdm 1.0.6-0ubuntu1.1
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1262-1 CVE-2011-3153, CVE-2011-4105
Package Information: https://launchpad.net/ubuntu/+source/lightdm/1.0.6-0ubuntu1.1
--ÑKLXun80rzx/t1vPb2Iq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJOwroxAAoJEGVp2FWnRL6T2WYP/jmPwjio496ayUr3aSayiEGz YoxYTus80/gx/lI88kXq9pDh/fQUGNtqzwEktQCcFbcxdE41aMQ19Q2zytUxNzcU Xpdf6NcsuWtW1DGQ5qUjBijK13/YyY7PeutZ/wzDwqlrbW7XuqHxWWjLDTpszTyl A7qVUAY0o4A2rumtteNj/ziJ+hlgGdhuuwh3UhL9Kl3lEA3SHmU19Y1gD9KZ5d/2 uhxExmnmMKUZXA2NR2m6VTBv3X/U+wZqGE8NIKHShCw8YaPg1FLfI59S+7Gl8Bt8 Iu9Rj1+dGgkmpaafanhf+q2K5iV1r8TbnThek8aJWbmduWff+uaMktGXgZIZV8cv C4RJjOCcNAE2rVLA/GSlrAk0dO3d/u+13utt07nYj2EU9lbI8ZVvSmuM7V93FwUR gJ9t6Zr4zWAwzzy+zG0sjusvCOlC2Xbw3gBXLp+uRF9GnPilwY01/w6sTfXOwfPK nYuNXD0E/+5+Rkv5JsQ/VdOEl64Co84QXRtPEJWFA477MF+5+g4tmlvWBOFDWHf7 8j+XrCWpPparpxUC4od8uPayTxlbD69YcD8qO9NTkVAt/a3/1WzvZyWnfkDTfDQl SrtSw7eotX2cjI3nAiog5AHyzQY4h2JLT7q1+41gH7RYP2g/s0ZYw1nJxa1PNtS8 WVuRgIWNG1TdjFrmulRb =hm2B -----END PGP SIGNATURE-----
--=-HKLXun80rzx/t1vPb2Iq--
--===============8404268804069673000== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8404268804069673000==--
|
|
|
|