Ubuntu Security Notice USN-1399-1
13th March, 2012
gdm-guest-session vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary
gdm-guest-session could be made to delete files as the administrator.
Software description
- gdm-guest-session - gdm extension for guest session
Details
Ryan Lortie discovered that gdm-guest-session improperly cleaned out
certain guest session files. A local attacker could use this issue to
delete arbitrary files.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 11.04:
- gdm-guest-session 0.24ubuntu0.1
- Ubuntu 10.10:
- gdm-guest-session 0.17ubuntu0.1
- Ubuntu 10.04 LTS:
- gdm-guest-session 0.15ubuntu0.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.