Submit your Linux news story here.

Security flaw in Lightdm guest session could anyone access your files in Ubuntu Linux

LightDM is a free and open source X display manager that is lightweight, fast, extensible and multi-desktop. LightDM is the default display manager for Ubuntu and other distros. LightDM could allow unintended access to files and affects releases of Ubuntu including Ubuntu 17.04 and Ubuntu 16.10.

From this page:

Processes launched under a lightdm guest session are not confined by the /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10 and Ubuntu 17.04. A physically present attacker can use this issue to log in under a guest session to access files and possibly other resources that they would not typically have access to. This includes files in the home directory of other users since, by default, home directories in Ubuntu are world readable.

How do I patch it?

Simply run apt-get or apt commands:
$ sudo apt-get update
$ sudo apt-get upgrade

OR
$ sudo apt update
$ sudo apt upgrade

Read more: USN-3285-1: LightDM vulnerability

0 comments… add one

Leave a Comment