*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: gdm Sebastian Krahmer discovered that GDM did not properly drop privileges when handling the cache directories used to store users' dmrc and face icon files. This could allow a local attacker to change the ownership of arbitrary files, thereby gaining root privileges. The upcoming USN 1099-1 addresses the issue for karmic, lucid, and maverick (hardy is not affected); this bug is for tracking for natty. The relevant upstream patch is http://git.gnome.org/browse/gdm/commit/?h=gnome-2-32&id=f2eb8e2b25844d6964129e0232e022995e27e11f ** Affects: gdm (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm in Ubuntu. https://bugs.launchpad.net/bugs/746053 Title: Fix privilege escalation vulnerability (CVE-2011-0727) -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs