Ubuntu Security Notice USN-301-1
14th June, 2006
kdebase vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.06 LTS
- Ubuntu 5.10
- Ubuntu 5.04
Details
Ludwig Nussel discovered that kdm managed the ~/.dmrc file in an
insecure way. By performing a symlink attack, a local user could
exploit this to read arbitrary files on the system, like private files
of other users, /etc/shadow, and similarly sensitive data.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.06 LTS:
- kdm 4:3.5.2-0ubuntu27
- Ubuntu 5.10:
- kdm 4:3.4.3-0ubuntu7
- Ubuntu 5.04:
- kdm 4:3.4.0-0ubuntu18.3
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.