Sebastian Krahmer discovered that GDM 3, the GNOME Display Manager, does not properly drop privileges when manipulating files related to the logged-in user. As a result, local users can gain root privileges. The oldstable distribution (lenny) does not contain a gdm3 package. The gdm package is not affected by this issue. For the stable distribution (squeeze), this problem has been fixed in version 2.30.5-6squeeze2. For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your gdm3 packages.
Sebastian Krahmer discovered that GDM 3, the GNOME Display Manager, does not properly drop privileges when manipulating files related to the logged-in user. As a result, local users can gain root privileges.
The oldstable distribution (lenny) does not contain a gdm3 package. The gdm package is not affected by this issue.
For the stable distribution (squeeze), this problem has been fixed in version 2.30.5-6squeeze2.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your gdm3 packages.