oss-sec mailing list archives
Re: Re: [LightDM] Version 1.0.6 released
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 02 Nov 2011 10:40:32 -0600
On 11/02/2011 10:31 AM, Yves-Alexis Perez wrote:
On mer., 2011-11-02 at 10:16 -0600, Kurt Seifried wrote:On 11/02/2011 09:54 AM, Yves-Alexis Perez wrote:On mer., 2011-11-02 at 11:42 -0400, Robert Ancell wrote:Fixes a security issue where using ~/.Xauthority as a symlink would cause LightDM to set the destination of the link to user ownership. All users of 1.0.4 or 1.0.5 should upgrade immediately. Overview of changes in lightdm 1.0.6 * Use lchown for correcting ownership of ~/.Xauthority instead of chownCould a CVE be assigned for this? Regards,Can you send me the link to this announcement so I can confirm it? Thanks.Here's the link to the mailing list mail: http://lists.freedesktop.org/archives/lightdm/2011-November/000178.html Regards,
Thanks, confirmed (first hand info is much better). Please use CVE-2011-4105 for this issue. -- -Kurt Seifried / Red Hat Security Response Team
Current thread:
- Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 09)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 10)
- Re: Re: [LightDM] Version 1.0.6 released Robert Ancell (Nov 10)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 11)
- Re: Re: [LightDM] Version 1.0.6 released John Haxby (Nov 11)
- Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 11)
- Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 22)
- Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 22)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 22)
- Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)