Descriptionlightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
Overall state of this security issue: Does not affect SUSE products
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.SUSE Bugzilla entry: 708205 [RESOLVED / FIXED] No SUSE Security Announcements cross referenced.
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Leap 15.0|| ||Patchnames: |
openSUSE Leap 15.0 GA liblightdm-gobject-1-0-1.24.1-lp150.1.1
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA liblightdm-gobject-1-0-1.21.1-1.1