Hi Thanks for the update
--- Thanks, Noam Rathaus On Apr 21, 2017 04:15, "Tyler Hicks" <tyhi...@canonical.com> wrote: > As a note to any backporters, the original fix for this bug should > include the following change as well: > > https://code.launchpad.net/~tyhicks/lightdm/guest-dir- > perms/+merge/322906 > > It is technically optional but definitely recommended. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1677924 > > Title: > Local privilege escalation via guest user login > > Status in Light Display Manager: > Fix Released > Status in Light Display Manager 1.18 series: > Fix Released > Status in Light Display Manager 1.20 series: > Fix Released > Status in Light Display Manager 1.22 series: > Fix Released > Status in lightdm package in Ubuntu: > Fix Released > Status in lightdm source package in Xenial: > Fix Released > Status in lightdm source package in Yakkety: > Fix Released > Status in lightdm source package in Zesty: > Fix Released > > Bug description: > It was discovered that a local attacker could watch for lightdm's > guest-account script to create a /tmp/guest-XXXXXX file and then quickly > create > the lowercase representation of the guest user's home directory before > lightdm > could. This allowed the attacker to have control of the guest user's home > directory and, subsequently, gain control of an arbitrary directory in > the > filesystem which could lead to privilege escalation. > > To manage notifications about this bug go to: > https://bugs.launchpad.net/lightdm/+bug/1677924/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1677924 Title: Local privilege escalation via guest user login To manage notifications about this bug go to: https://bugs.launchpad.net/lightdm/+bug/1677924/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
