CVE-2017-7358

Priority
High
Description
In LightDM through 1.22.0, a directory traversal issue in
debian/guest-account.sh allows local attackers to own arbitrary directory
path locations and escalate privileges to root when the guest user logs
out.
References
Bugs
Notes
 tyhicks> This issue was reported to us by Beyond Security but they did not
  discover the issue. The discoverer is unknown.
Assigned-to
tyhicks
Package
Upstream:needed
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu Touch 15.04:not-affected
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.18.3-0ubuntu1.1)
Ubuntu 16.10 (Yakkety Yak):released (1.19.5-0ubuntu1.1)
Ubuntu 17.04 (Zesty Zapus):released (1.22.0-0ubuntu2)
More Information

Updated: 2017-04-06 01:14:38 UTC (commit 12355)