[LightDM] Version 1.0.6 released
corsac at debian.org
Wed Nov 2 10:00:32 PDT 2011
On mer., 2011-11-02 at 11:42 -0400, Robert Ancell wrote:
> Fixes a security issue where using ~/.Xauthority as a symlink would
> cause LightDM to set the destination of the link to user ownership.
> All users of 1.0.4 or 1.0.5 should upgrade immediately.
> Overview of changes in lightdm 1.0.6
> * Use lchown for correcting ownership of ~/.Xauthority instead of chown
This has been affected CVE-2011-4105.
I don't remember exactly, but is there a reason for not doing the work
that as the target user, instead of chown'ing it?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 836 bytes
Desc: This is a digitally signed message part
More information about the LightDM