FS#56116 - lightdm: CVE-2017-7358, CVSS score 6.9
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Wednesday, 25 October 2017, 18:46 GMT
Last edited by Eli Schwartz (eschwartz) - Thursday, 26 October 2017, 03:36 GMT
Opened by Pascal Ernster (hardfalcon) - Wednesday, 25 October 2017, 18:46 GMT
Last edited by Eli Schwartz (eschwartz) - Thursday, 26 October 2017, 03:36 GMT
|
Details
Description:
We still ship lightdm 1.0.22 which is vulnerable to a directory traversal/privilege escalation vulnerability concerning the guest account feature: http://www.cvedetails.com/cve/CVE-2017-7358/ lightdm 1.0.24 fixes the issue. Besides, the current lightdm package has been flagged as out of date since 2017-09-11. |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Thursday, 26 October 2017, 03:36 GMT
Reason for closing: Not a bug
Additional comments about closing: This CVE does not apply to lightdm itself, but rather to a distro-specific additional file provided and shipped by Ubuntu. Arch does not ship that script.
Thursday, 26 October 2017, 03:36 GMT
Reason for closing: Not a bug
Additional comments about closing: This CVE does not apply to lightdm itself, but rather to a distro-specific additional file provided and shipped by Ubuntu. Arch does not ship that script.