*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: gdm
Sebastian Krahmer discovered that GDM did not properly drop privileges
when handling the cache directories used to store users' dmrc and
face icon files. This could allow a local attacker to change the
ownership of arbitrary files, thereby gaining root privileges.
The upcoming USN 1099-1 addresses the issue for karmic, lucid, and
maverick (hardy is not affected); this bug is for tracking for natty.
The relevant upstream patch is
http://git.gnome.org/browse/gdm/commit/?h=gnome-2-32&id=f2eb8e2b25844d6964129e0232e022995e27e11f
** Affects: gdm (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gdm in Ubuntu.
https://bugs.launchpad.net/bugs/746053
Title:
Fix privilege escalation vulnerability (CVE-2011-0727)
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
