LTSP Display Manager could be made to escalate user privileges.
Software Description:
- ldm: LTSP display manager
Details:
Veeti Veteläinen discovered that the LTSP Display Manager (ldm)
incorrectly handled user logins from unsupported shells. A local attacker
could possibly use this issue to gain root privileges. (CVE-2019-20373)
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: ldm 2:2.18.06-1+deb10u1build0.20.04.1 ldm-server 2:2.18.06-1+deb10u1build0.20.04.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4533-1
https://bugs.launchpad.net/ltsp/+bug/1839431
Get the latest Linux and open source security news straight to your inbox.