|
|
Subscribe / Log in / New account

Mageia alert MGASA-2013-0286 (lightdm)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2013-0286: Updated lightdm package fixes security vulnerability 


Date:
    	      Thu, 19 Sep 2013 11:46:13 +0200


Message-ID:
    	      <20130919094613.BEE975B0BE@valstar.mageia.org>



MGASA-2013-0286 - Updated lightdm package fixes security vulnerability

Publication date: 19 Sep 2013
URL: http://advisories.mageia.org/MGASA-2013-0286.html
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-4331

Description:
lightdm before 1.4.3, 1.6.2 and 1.7.14 created .Xauthority files with
world-readable permissions (CVE-2013-4331).

Additionally, an issue where a user logged into a graphical desktop
environment through lightdm would lose privleges to local devices (such as
the sound card) when using the 'su' command has been fixed.

References:
- https://bugs.mageia.org/show_bug.cgi?id=11219
- https://bugs.mageia.org/show_bug.cgi?id=11071
- http://openwall.com/lists/oss-security/2013/09/11/4
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4331

SRPMS:
- 3/core/lightdm-1.4.3-1.mga3
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds