Upstream information

CVE-2011-3349 at MITRE

Description

lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 708205 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 15.0
  • liblightdm-gobject-1-0 >= 1.24.1-lp150.1.1
  • lightdm >= 1.24.1-lp150.1.1
  • lightdm-lang >= 1.24.1-lp150.1.1
Patchnames:
openSUSE Leap 15.0 GA liblightdm-gobject-1-0-1.24.1-lp150.1.1
openSUSE Tumbleweed
  • liblightdm-gobject-1-0 >= 1.21.1-1.1
  • liblightdm-qt-3-0 >= 1.21.1-1.1
  • liblightdm-qt5-3-0 >= 1.21.1-1.1
  • lightdm >= 1.21.1-1.1
  • lightdm-gobject-devel >= 1.21.1-1.1
  • lightdm-lang >= 1.21.1-1.1
  • lightdm-qt-devel >= 1.21.1-1.1
  • lightdm-qt5-devel >= 1.21.1-1.1
  • typelib-1_0-LightDM-1 >= 1.21.1-1.1
Patchnames:
openSUSE Tumbleweed GA liblightdm-gobject-1-0-1.21.1-1.1