CVE-2011-3154 Information

Description

DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1 1:0.134.x before 1:0.134.11.1 1:0.142.x before 1:0.142.23.1 1:0.150.x before 1:0.150.5.1 and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.

Reference

http://secunia.com/advisories/47024 http://www.ubuntu.com/usn/USN-1284-1 https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541