FS#56116 - lightdm: CVE-2017-7358, CVSS score 6.9

Attached to Project: Arch Linux
Opened by Pascal Ernster (hardfalcon) - Wednesday, 25 October 2017, 18:46 GMT
Last edited by Eli Schwartz (eschwartz) - Thursday, 26 October 2017, 03:36 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To No-one
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

We still ship lightdm 1.0.22 which is vulnerable to a directory traversal/privilege escalation vulnerability concerning the guest account feature:

http://www.cvedetails.com/cve/CVE-2017-7358/

lightdm 1.0.24 fixes the issue. Besides, the current lightdm package has been flagged as out of date since 2017-09-11.

Closed by Eli Schwartz (eschwartz)
Thursday, 26 October 2017, 03:36 GMT
Reason for closing: Not a bug
Additional comments about closing: This CVE does not apply to lightdm itself, but rather to a distro-specific additional file provided and shipped by Ubuntu. Arch does not ship that script.
