Ubuntu Security Notice 1262-1 - It was discovered that Light Display Manager incorrectly handled privileges when reading .dmrc files. A local attacker could exploit this issue to read arbitrary configuration files, bypassing intended permissions. It was discovered that Light Display Manager incorrectly handled links when adjusting permissions on .Xauthority files. A local attacker could exploit this issue to access arbitrary files, and possibly obtain increased privileges. In the default Ubuntu installation, this would be prevented by the Yama link restrictions. Various other issues were also addressed.
61e40ebb8859955a63f234353d30af5813f52ebbb4d3496c598362dec3d4de19
==========================================================================
Ubuntu Security Notice USN-1262-1
November 15, 2011
lightdm vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
Summary:
Several security issues were fixed in Light Display Manager.
Software Description:
- lightdm: Display Manager
Details:
It was discovered that Light Display Manager incorrectly handled privileges
when reading .dmrc files. A local attacker could exploit this issue to read
arbitrary configuration files, bypassing intended permissions.
(CVE-2011-3153)
It was discovered that Light Display Manager incorrectly handled links when
adjusting permissions on .Xauthority files. A local attacker could exploit
this issue to access arbitrary files, and possibly obtain increased
privileges. In the default Ubuntu installation, this would be prevented
by the Yama link restrictions. (CVE-2011-4105)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
liblightdm-gobject-1-0 1.0.6-0ubuntu1.1
liblightdm-qt-1-0 1.0.6-0ubuntu1.1
lightdm 1.0.6-0ubuntu1.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1262-1
CVE-2011-3153, CVE-2011-4105
Package Information:
https://launchpad.net/ubuntu/+source/lightdm/1.0.6-0ubuntu1.1