Debian Security Advisory
DSA-2205-1 gdm3 -- privilege escalation
- Date Reported:
- 28 Mar 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-0727.
- More information:
Sebastian Krahmer discovered that GDM 3, the GNOME Display Manager, does not properly drop privileges when manipulating files related to the logged-in user. As a result, local users can gain root privileges.
The oldstable distribution (lenny) does not contain a gdm3 package. The gdm package is not affected by this issue.
For the stable distribution (squeeze), this problem has been fixed in version 2.30.5-6squeeze2.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your gdm3 packages.