CVE-2017-8900

Priority
Medium
Description
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x,
allows physically proximate attackers to bypass intended AppArmor
restrictions and visit the home directories of arbitrary users by
establishing a guest session.
References
Bugs
Notes
 tyhicks> This issue was introduced when the user session handling moved from
  upstart to systemd in Ubuntu 16.10.
Assigned-to
tyhicks
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):released (1.22.0-0ubuntu4)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 16.10 (Yakkety Yak):released (1.19.5-0ubuntu1.2)
Ubuntu 17.04 (Zesty Zapus):released (1.22.0-0ubuntu2.1)
More Information

Updated: 2017-06-19 11:14:33 UTC (commit 12762)