[LightDM] Version 1.0.6 released
Guido Berhoerster
gber at opensuse.org
Wed Nov 2 10:18:46 PDT 2011
* Yves-Alexis Perez <corsac at debian.org> [2011-11-02 18:00]:
> On mer., 2011-11-02 at 11:42 -0400, Robert Ancell wrote:
> > Fixes a security issue where using ~/.Xauthority as a symlink would
> > cause LightDM to set the destination of the link to user ownership.
> > All users of 1.0.4 or 1.0.5 should upgrade immediately.
> >
> > Overview of changes in lightdm 1.0.6
> >
> > * Use lchown for correcting ownership of ~/.Xauthority instead of chown
>
> This has been assigned CVE-2011-4105.
>
> I don't remember exactly, but is there a reason for not doing that
> work as the target user, instead of chown'ing it?
The code in question here corrects the ownership of .Xauthority
files previously written as root by LightDM < 0.9.8 (which was
CVE-2011-3349).
--
Guido Berhoerster