Patch at $URL. From third party advisory at http://secunia.com/advisories/44797/: Description A security issue has been reported in GNOME Display Manager, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to a URI scheme handler configuration error and can be exploited to launch a default browser in a GDM session with the privileges of the GDM user. The security issue is reported in version 2.32.1 and prior.
This applies to the following version range: (2.21, 2.32.1). The current stable is 2.20.x, and this vulnerability doesn't apply to that version. GDM was completely rewritten in the 2.21.x cycle, and all further releases have been hard masked in the tree. Hence, this security bug doesn't affect us.
(In reply to comment #1) > > Hence, this security bug doesn't affect us. Ok, thanks. Closing as INVALID.