- Vulnerability/
- USN-3285-1
12/5/2017
USN-3285-1: LightDM vulnerability
First published: Fri May 12 2017(Updated: )
Tyler Hicks discovered that LightDM did not confine the user session for guest users. An attacker with physical access could use this issue to access files and other resources that they should not be able to access. In the default installation, this includes files in the home directories of other users on the system. This update fixes the issue by disabling the guest session. It may be re-enabled in a future update. Please see the bug referenced below for instructions on how to manually re-enable the guest session.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/lightdm | <1.22.0-0ubuntu2.1 | 1.22.0-0ubuntu2.1 |
| Ubuntu Ubuntu | =17.04 | |
| All of | ||
| ubuntu/lightdm | <1.19.5-0ubuntu1.2 | 1.19.5-0ubuntu1.2 |
| Ubuntu Ubuntu | =16.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/17.04
- version/ubuntu ubuntu/16.10