[LightDM] Using debian/guest-account.sh allows local privilege escalation
Robert Ancell
robert.ancell at gmail.com
Tue Apr 4 21:21:04 UTC 2017
Hi,
A bug has been recently discovered in the Ubuntu guest-account script that
can allow local privilege escalation.
Bug: https://bugs.launchpad.net/bugs/1677924
CVE: 2017-7358
Introduced in revision 2233 (1.17.1)
Affects stable branches: 1.18, 1.20, 1.22
This script is in the LightDM bzr branch, but it is *not in the tarballs*
(and so not installed as part of the build system).
Actions:
1. If you are not using the guest session functionality, then no action is
required.
2. If you are using the Ubuntu script or a derivative of it, then apply the
patch to fix the issue.
3. If you are using guest session support with your own script, please
check if your script has a similar issue.
Thanks,
--Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/lightdm/attachments/20170404/5a8d8777/attachment.html>
More information about the LightDM
mailing list