USN-1399-2: Light Display Manager vulnerability
Ubuntu Security Notice USN-1399-2
13th March, 2012
lightdm vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
Summary
Light Display Manager could be made to delete files as the administrator.
Software description
- lightdm - Display Manager
Details
Ryan Lortie discovered that a guest session script bundled in the Light
Display Manager package improperly cleaned out certain guest session files.
A local attacker could use this issue to delete arbitrary files.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 11.10:
- lightdm 1.0.6-0ubuntu1.6
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.