Robert Ancell
2017-Apr-04 21:21 UTC
[LightDM] Using debian/guest-account.sh allows local privilege escalation
Hi, A bug has been recently discovered in the Ubuntu guest-account script that can allow local privilege escalation. Bug: https://bugs.launchpad.net/bugs/1677924 CVE: 2017-7358 Introduced in revision 2233 (1.17.1) Affects stable branches: 1.18, 1.20, 1.22 This script is in the LightDM bzr branch, but it is *not in the tarballs* (and so not installed as part of the build system). Actions: 1. If you are not using the guest session functionality, then no action is required. 2. If you are using the Ubuntu script or a derivative of it, then apply the patch to fix the issue. 3. If you are using guest session support with your own script, please check if your script has a similar issue. Thanks, --Robert -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.freedesktop.org/archives/lightdm/attachments/20170404/5a8d8777/attachment.html>