USN-932-1: KDM vulnerability
Ubuntu Security Notice USN-932-1
19th April, 2010
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 9.10
- Ubuntu 9.04
- Ubuntu 8.10
Sebastian Krahmer discovered a race condition in the KDE Display Manager
(KDM). A local attacker could exploit this to change the permissions on
arbitrary files, thus allowing privilege escalation.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 9.10:
- kdm 4:4.3.2-0ubuntu7.2
- Ubuntu 9.04:
- kdm 4:4.2.2-0ubuntu2.1
- Ubuntu 8.10:
- kdm 4:4.1.4-0ubuntu1~intrepid3.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.