Ubuntu Security Notice USN-517-1
25th September, 2007
kdebase vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06 LTS
Software description
- kdebase
Details
It was discovered that KDM would allow logins without password checks
under certain circumstances. If autologin was configured, and "shutdown
with password" enabled, a local user could exploit the problem and gain
root privileges.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 7.04:
- kdm 4:3.5.6-0ubuntu20.4
- Ubuntu 6.10:
- kdm 4:3.5.5-0ubuntu3.6
- Ubuntu 6.06 LTS:
- kdm 4:3.5.2-0ubuntu27.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.