Your submission was sent successfully! Close

USN-1262-1: Light Display Manager vulnerabilities

15 November 2011

Several security issues were fixed in Light Display Manager.

Releases

Packages

Details

It was discovered that Light Display Manager incorrectly handled privileges
when reading .dmrc files. A local attacker could exploit this issue to read
arbitrary configuration files, bypassing intended permissions.
(CVE-2011-3153)

It was discovered that Light Display Manager incorrectly handled links when
adjusting permissions on .Xauthority files. A local attacker could exploit
this issue to access arbitrary files, and possibly obtain increased
privileges. In the default Ubuntu installation, this would be prevented
by the Yama link restrictions. (CVE-2011-4105)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10

After a standard system update you need to reboot your computer to make
all the necessary changes.