| Summary: | x11-misc/lightdm : world-readable .Xauthority (CVE-2013-4331) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | hwoarang |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2013/09/11/4 | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-09-11 15:46:43 UTC
+*lightdm-1.7.15 (11 Sep 2013) +*lightdm-1.4.3 (11 Sep 2013) +*lightdm-1.6.2 (11 Sep 2013) + + 11 Sep 2013; Markos Chandras <hwoarang@gentoo.org> +lightdm-1.4.3.ebuild, + +lightdm-1.6.2.ebuild, +lightdm-1.7.15.ebuild, -lightdm-1.6.0.ebuild, + -lightdm-1.7.7.ebuild, -lightdm-1.7.9.ebuild: + Version bump. Bug #484328 and #484590 +

1.4.3 can go stable. 1.6.X and 1.7.X have no stable keywords so they do not need to be stabilized. Last arch please remove the old 1.4.X ebuilds. Remember, @arm needs to mask 'kde' and 'razor' use flags in their profiles.

CVE-2013-4331 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4331): Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.

Vulnerable versions have been removed. @glsa coordinators: Please vote.

GLSA Vote: No

Vote: NO.
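
An added example, not code from LightDM or from this bug report: a Python check that flags an X authority file whose mode exposes it beyond its owner, as the 0664 mode in the CVE description does, next to an owner-only creation routine. The function names, file names and cookie bytes are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_xauthority(path):
    """Return a list of findings for one X authority file (empty list = OK)."""
    st = os.lstat(path)  # lstat: judge the path itself, do not follow symlinks
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IRGRP:
        findings.append("group-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    return findings


def create_private(path, data):
    """Create the file owner-only from the first moment it exists."""
    # O_EXCL refuses a path that already exists (including a planted symlink).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, 0o600)  # exact mode, whatever the process umask is
        os.write(fd, data)
    finally:
        os.close(fd)


def demo():
    """Build one file with the CVE's 0664 mode and one private file, audit both."""
    cookie = b"constructed-sample-cookie"  # constructed value, not a real cookie
    with tempfile.TemporaryDirectory() as d:
        weak = os.path.join(d, "weak.Xauthority")
        with open(weak, "wb") as f:
            f.write(cookie)
        os.chmod(weak, 0o664)  # the mode named in the CVE description
        strong = os.path.join(d, "strong.Xauthority")
        create_private(strong, cookie)
        return audit_xauthority(weak), audit_xauthority(strong)


if __name__ == "__main__":
    for label, result in zip(("0664 file", "0600 file"), demo()):
        print(label, "->", result or "ok")
```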