Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 437
Alerts This Week
Warning Icon 1 437

Ubuntu 16.04 And 16.10 USN-3255-1 Critical: LightDM Local Attack

ubuntu
Calendar Grey April 4, 2017
Dist Ubuntu Esm H88
A security flaw in LightDM impacting Ubuntu systems could permit unauthorized admin operations. It is advisable to implement updates to mitigate potential threats.
LightDM could be made to run programs as an administrator.

Summary

LightDM could be made to run programs as an administrator.

Software Description:

- lightdm: Display Manager

Details:

It was discovered that LightDM incorrectly handled home directory creation for

guest users. A local attacker could use this issue to gain ownership of

arbitrary directory paths and possibly gain administrative privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  lightdm                         1.19.5-0ubuntu1.1

Ubuntu 16.04 LTS:
  lightdm                         1.18.3-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3255-1

CVE-2017-7358

Severity
critical
Lowest
Low
Medium
High
Critical

April 04, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.