diff options
author | Robert Ancell <robert.ancell@canonical.com> | 2017-05-12 11:31:22 +1200 |
---|---|---|
committer | Robert Ancell <robert.ancell@canonical.com> | 2017-05-12 11:31:22 +1200 |
commit | 43d4ed8b4ebcca1dfae87bf0999572bf1d83072c (patch) | |
tree | 37556820671a92310fa5dfabbe4917690684d9c3 | |
parent | 2aa85a198d920168f2dca41e6d1bbfa539d90d03 (diff) | |
download | lightdm-git-43d4ed8b4ebcca1dfae87bf0999572bf1d83072c.tar.gz |
* New upstream release:
- TBD
* SECURITY UPDATE: Guest session not confined (LP: #1663157)
- debian/50-disable-guest.conf:
- debian/lightdm.install:
- Disable guest sessions by default, this can be overridden by custom
configuration (e.g. /etc/lightdm/lightdm.conf)
- CVE-2017-8900
-rw-r--r-- | debian/50-disable-guest.conf | 5 | ||||
-rw-r--r-- | debian/changelog | 13 | ||||
-rw-r--r-- | debian/lightdm.install | 1 |
3 files changed, 19 insertions, 0 deletions
diff --git a/debian/50-disable-guest.conf b/debian/50-disable-guest.conf new file mode 100644 index 00000000..4e01ff72 --- /dev/null +++ b/debian/50-disable-guest.conf @@ -0,0 +1,5 @@ +# Disable guest sessions due to them not being confined in systemd +# CVE-2017-8900 +# https://bugs.launchpad.net/bugs/1663157 +[Seat:*] +allow-guest=false diff --git a/debian/changelog b/debian/changelog index 9a32ee47..c315b5f2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +lightdm (1.23.0-0ubuntu1) UNRELEASED; urgency=medium + + * New upstream release: + - TBD + * SECURITY UPDATE: Guest session not confined (LP: #1663157) + - debian/50-disable-guest.conf: + - debian/lightdm.install: + - Disable guest sessions by default, this can be overridden by custom + configuration (e.g. /etc/lightdm/lightdm.conf) + - CVE-2017-8900 + + -- Robert Ancell <robert.ancell@canonical.com> Fri, 12 May 2017 11:30:02 +1200 + lightdm (1.22.0-0ubuntu2) zesty; urgency=medium * SECURITY UPDATE: Directory traversal allowing arbitrary directory diff --git a/debian/lightdm.install b/debian/lightdm.install index e126cef9..14700b6d 100644 --- a/debian/lightdm.install +++ b/debian/lightdm.install @@ -19,3 +19,4 @@ debian/50-xserver-command.conf usr/share/lightdm/lightdm.conf.d debian/50-greeter-wrapper.conf usr/share/lightdm/lightdm.conf.d debian/50-guest-wrapper.conf usr/share/lightdm/lightdm.conf.d debian/50-disable-log-backup.conf usr/share/lightdm/lightdm.conf.d +debian/50-disable-guest.conf usr/share/lightdm/lightdm.conf.d |