USN-364-1: Xsession vulnerability

16 October 2006

xinit vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.06 LTS
  • Ubuntu 5.10

Software Description

Details

A race condition existed that would allow other local users to see error messages generated during another user’s X session. This could allow potentially sensitive information to be leaked.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06 LTS
xinit - 1.0.1-0ubuntu3.1
Ubuntu 5.10
xinit - 1.0+0.99.1-4ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart your session to effect the necessary changes.

References