summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/50-disable-guest.conf5
-rw-r--r--debian/changelog11
-rw-r--r--debian/lightdm.install1
3 files changed, 17 insertions, 0 deletions
diff --git a/debian/50-disable-guest.conf b/debian/50-disable-guest.conf
new file mode 100644
index 00000000..4e01ff72
--- /dev/null
+++ b/debian/50-disable-guest.conf
@@ -0,0 +1,5 @@
+# Disable guest sessions due to them not being confined in systemd
+# CVE-2017-8900
+# https://bugs.launchpad.net/bugs/1663157
+[Seat:*]
+allow-guest=false
diff --git a/debian/changelog b/debian/changelog
index 86644c68..14528911 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+lightdm (1.19.5-0ubuntu1.2) yakkety-security; urgency=medium
+
+ * SECURITY UPDATE: Guest session not confined (LP: #1663157)
+ - debian/50-disable-guest.conf:
+ - debian/lightdm.install:
+ - Disable guest sessions by default, this can be overridden by custom
+ configuration (e.g. /etc/lightdm/lightdm.conf)
+ - CVE-2017-8900
+
+ -- Robert Ancell <robert.ancell@canonical.com> Tue, 09 May 2017 09:32:16 +1200
+
lightdm (1.19.5-0ubuntu1.1) yakkety-security; urgency=medium
* SECURITY UPDATE: Directory traversal allowing arbitrary directory
diff --git a/debian/lightdm.install b/debian/lightdm.install
index e126cef9..14700b6d 100644
--- a/debian/lightdm.install
+++ b/debian/lightdm.install
@@ -19,3 +19,4 @@ debian/50-xserver-command.conf usr/share/lightdm/lightdm.conf.d
debian/50-greeter-wrapper.conf usr/share/lightdm/lightdm.conf.d
debian/50-guest-wrapper.conf usr/share/lightdm/lightdm.conf.d
debian/50-disable-log-backup.conf usr/share/lightdm/lightdm.conf.d
+debian/50-disable-guest.conf usr/share/lightdm/lightdm.conf.d