USN-4533-1: LTSP Display Manager vulnerabilities

22 September 2020

LTSP Display Manager could be made to escalate user privileges.

Releases

Packages

  • ldm - LTSP display manager

Details

Veeti Veteläinen discovered that the LTSP Display Manager (ldm)
incorrectly handled user logins from unsupported shells. A local attacker
could possibly use this issue to gain root privileges. (CVE-2019-20373)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

In general, a standard system update will make all the necessary changes.