Light Display Manager

CVEs related to bugs in Light Display Manager

Open bugs

Bug	CVE(s)
Bug #1663157: Guest session processes are not confined in 16.10 and newer releases	CVE-2017-8900
Light Display Manager	New (unassigned)
Bug #1781418: User not being initialized correctly on login	CVE-2018-10380
Light Display Manager	New (unassigned)

Resolved bugs

Bug	CVE(s)
Bug #685212: wrong permission on xauthority file	CVE-2013-4331
Light Display Manager	Fix released (unassigned)
Bug #834079: files written as root to user-controlled folders	CVE-2011-3349
Light Display Manager	Fix released, assigned to Martin Pitt
Bug #835996: lightdm.log should not be user readable	CVE-2011-3349
Light Display Manager	Fix released (unassigned)
Bug #844081: Unity Greeter - Background of the Unity Greeter should reflect the background chosen by the user that is currently selected	CVE-2011-3153 CVE-2011-4105
Light Display Manager	Fix released (unassigned)
Bug #844274: creating a guest session does not lock the users session	CVE-2011-3349
Light Display Manager	Fix released (unassigned)
Bug #861177: Switching to user without password still shows greeter	CVE-2011-3153 CVE-2011-4105
Light Display Manager	Fix released (unassigned)
Bug #911597: Change-password-after-login is broken	CVE-2011-3153 CVE-2011-4105
Light Display Manager	Fix released (unassigned)
Bug #952185: ~/.pam_environment not parsed by default	CVE-2010-4708
Light Display Manager	Invalid by Robert Ancell
Bug #953044: Guest session clean up can remove other user's files	CVE-2012-0943
Light Display Manager	Invalid (unassigned)
Bug #1242939: Greeter shows "LightDM" user due to XDG_SESSION_CLASS not being provided to logind or ConsoleKit	CVE-2013-4459
Light Display Manager	Fix released, assigned to Robert Ancell
Bug #1243339: lightdm no longer runs guest session through wrapper	CVE-2013-4459
Light Display Manager	Fix released, assigned to Robert Ancell
Bug #1245295: Greeter indicates session is logged into after logout	CVE-2013-4459
Light Display Manager	Fix released, assigned to Robert Ancell
Bug #1245957: session-setup-script doesn't know the username	CVE-2013-4459
Light Display Manager	Fix released, assigned to Robert Ancell
Bug #1516831: XDMCP Request packet with no addresses crashes LightDM	CVE-2015-8316
Light Display Manager	Fix released, assigned to Robert Ancell
Bug #1677924: Local privilege escalation via guest user login	CVE-2017-7358
Light Display Manager	Fix released (unassigned)