Sicherheit: Ausführen beliebiger Kommandos in GDM

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8930877194579549640==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="bLA4LkHmLWkriaz2iBzPle4JmLV7dUbsK"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--bLA4LkHmLWkriaz2iBzPle4JmLV7dUbsK
Content-Type: multipart/mixed;
boundary="dwKPc4D6sHqYM9RtnSWyr7UTRSQ4aD3Z5";
protected-headers="v1"
From: Chris Coulson <chris.coulson@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <8234d059-1ddb-8b80-97cd-aae62cb91be1@canonical.com>
Subject: [USN-3737-1] GDM vulnerability

--dwKPc4D6sHqYM9RtnSWyr7UTRSQ4aD3Z5
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US

==========================================================================
Ubuntu Security Notice USN-3737-1
August 13, 2018

gdm3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

GDM could be made to crash or run programs as the administrator.

Software Description:
- gdm3: GNOME Display Manager

Details:

A use-after-free was discovered in GDM. A local user could exploit this to
cause a denial of service, or potentially execute arbitrary code as the
administrator.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
gdm3 3.28.2-0ubuntu1.4

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3737-1
CVE-2018-14424

Package Information:
https://launchpad.net/ubuntu/+source/gdm3/3.28.2-0ubuntu1.4

--dwKPc4D6sHqYM9RtnSWyr7UTRSQ4aD3Z5--

--bLA4LkHmLWkriaz2iBzPle4JmLV7dUbsK
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEERN//5MGgCOgyKeIFYR+97NWUbg8FAltxs3wACgkQYR+97NWU
bg+PSwf7BdsmrvlWWGOKc3WsqImTpunc3pyR//SMlMx1SYKScKIVWk2yvRBVKKko
aMNN0nifK6iF0CWUSjs8+DASMkIfnvn2Sgfu27puV8p/JMhyKJycim+o85Gmdgtl
LfkWCPsha6xTM3xDm13+bDOUxul2GQc8o8V++2g+StvkFx2Brmixw+mQf/YE+w2J
RUqZviFUqN7OdzSHyOF8caqXNOauTr/4IOzBrm4MfQ1lQ/WdztmJM+ANKkkN1EXY
9mC3yKYxkLvHy2EYIk0kILSwRVjnFnhxybngdIgYyvLj762AJbH4p0Whs9PYAk3f
q2wCW/zuJ6CmhlCDGnl2sPdgkwTX4g==
=GRil
-----END PGP SIGNATURE-----

--bLA4LkHmLWkriaz2iBzPle4JmLV7dUbsK--

--===============8930877194579549640==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============8930877194579549640==--