diff options
-rw-r--r-- | debian/50-disable-guest.conf | 5 | ||||
-rw-r--r-- | debian/changelog | 11 | ||||
-rw-r--r-- | debian/lightdm.install | 1 |
3 files changed, 17 insertions, 0 deletions
diff --git a/debian/50-disable-guest.conf b/debian/50-disable-guest.conf new file mode 100644 index 00000000..4e01ff72 --- /dev/null +++ b/debian/50-disable-guest.conf @@ -0,0 +1,5 @@ +# Disable guest sessions due to them not being confined in systemd +# CVE-2017-8900 +# https://bugs.launchpad.net/bugs/1663157 +[Seat:*] +allow-guest=false diff --git a/debian/changelog b/debian/changelog index 86644c68..14528911 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +lightdm (1.19.5-0ubuntu1.2) yakkety-security; urgency=medium + + * SECURITY UPDATE: Guest session not confined (LP: #1663157) + - debian/50-disable-guest.conf: + - debian/lightdm.install: + - Disable guest sessions by default, this can be overridden by custom + configuration (e.g. /etc/lightdm/lightdm.conf) + - CVE-2017-8900 + + -- Robert Ancell <robert.ancell@canonical.com> Tue, 09 May 2017 09:32:16 +1200 + lightdm (1.19.5-0ubuntu1.1) yakkety-security; urgency=medium * SECURITY UPDATE: Directory traversal allowing arbitrary directory diff --git a/debian/lightdm.install b/debian/lightdm.install index e126cef9..14700b6d 100644 --- a/debian/lightdm.install +++ b/debian/lightdm.install @@ -19,3 +19,4 @@ debian/50-xserver-command.conf usr/share/lightdm/lightdm.conf.d debian/50-greeter-wrapper.conf usr/share/lightdm/lightdm.conf.d debian/50-guest-wrapper.conf usr/share/lightdm/lightdm.conf.d debian/50-disable-log-backup.conf usr/share/lightdm/lightdm.conf.d +debian/50-disable-guest.conf usr/share/lightdm/lightdm.conf.d |