==========================================================================
Ubuntu Security Notice USN-4533-1
September 22, 2020

ldm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS

Summary:

LTSP Display Manager could be made to escalate user privileges.

Software Description:
– ldm: LTSP display manager

Details:

Veeti Veteläinen discovered that the LTSP Display Manager (ldm)
incorrectly handled user logins from unsupported shells. A local attacker
could possibly use this issue to gain root privileges. (CVE-2019-20373)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
ldm 2:2.18.06-1+deb10u1build0.20.04.1
ldm-server 2:2.18.06-1+deb10u1build0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4533-1
https://launchpad.net/bugs/1839431

Package Information:
https://launchpad.net/ubuntu/+source/ldm/2:2.18.06-1+deb10u1build0.20.04.1

—–BEGIN PGP SIGNATURE—–

iQEzBAEBCAAdFiEElnO/d49FoUPK9fwytGdj0GOh2+wFAl9qZtUACgkQtGdj0GOh
2+wZigf8DhDMiHpmFBI6V2yIyJVLGz1vepA+4kQYwCeaqXWxauWkO9PBTT7lBFAJ
bjxh09288b0o3JAPs4RuBgDUKdoDklPNm23jM5MhTixSDFBpt8BKztSyQFjjADWV
AOGwMoU+iJ6n8ZuwhXpGzjGUf4t3VUtn3dTgFgwkDSry7gkAdTtgKlCJ18v3Y3ah
VwRIRwJpR/qFMYL1Ih1jJIWbpRZuOrHGbINQXuvLKKAWbobuarg74mNITWMWb/Rx
YM89W1gXVUeqdanaL7rJZkQMzczquFyyqtcKjjspWwAkW7WX/0Dxz//0ErhVZOJQ
bWpfC3tnb5DtfPnQdpo9VmJvWucysw==
=ezZd
—–END PGP SIGNATURE—–
—