attackers unauthorised access to your files.
The issue concerns LightDM, the display manager for the Unity Desktop that powers the Unity Greeter login screen,and affects both Ubuntu 17.04 and Ubuntu 16.10.
LightDM does not correctly confine the guest user session enabled by default on Ubuntu. An attacker with physical access to an affected system could exploit the weakness to gain access to the files or other users on the system, including files in users’ home directories.Based on discussions in the bug report attached to the issue (which is now public) it seems the move to systemd is (partly) to blame, and explains why earlier versions of Ubuntu (which use upstart) are not affected.
If you’re running a fully up-to-date system you do not need to panic. Canonical has already pushed out an update that temporarily disables Ubuntu guest session logins (so if you noticed it was missing, that’s why).
If you haven’t installed the update,then please do.It’s easy enough: just open the Update Manager, check for updates, and install all critical security patches listed.
While the likelihood of this issue actually being exploited is minimal — remember: someone would need to have physical access to your computer, and need to know about the vulnerability and how to use it,it's reassuring that the security patch required has been made available.
Canonical says it may re-enable guest sessions in a future update but, for now, they’re off by default. Anyone who needs to use guests sessions can knowingly and manually re-enable them.
0 comments:
Post a Comment