Arch Linux

FS#56116 - lightdm: CVE-2017-7358, CVSS score 6.9

Attached to Project: Arch Linux
Opened by Pascal Ernster (hardfalcon) - Wednesday, 25 October 2017, 18:46 GMT
Last edited by Eli Schwartz (eschwartz) - Thursday, 26 October 2017, 03:36 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Medium
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No



We still ship lightdm 1.0.22 which is vulnerable to a directory traversal/privilege escalation vulnerability concerning the guest account feature:

lightdm 1.0.24 fixes the issue. Besides, the current lightdm package has been flagged as out of date since 2017-09-11.

Closed by: Eli Schwartz (eschwartz)
Thursday, 26 October 2017, 03:36 GMT
Reason for closing: Not a bug
Additional comments about closing: This CVE does not apply to lightdm itself, but rather to a distro-specific additional file provided and shipped by Ubuntu. Arch does not ship that script.