VYPR

rpm package

opensuse/lightdm&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/lightdm&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2011-3349Nov 19, 2019
    affected < 1.21.1-1.1fixed 1.21.1-1.1

    lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.

  • CVE-2012-1111Oct 27, 2014
    affected < 1.21.1-1.1fixed 1.21.1-1.1

    lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.

  • CVE-2011-3153Mar 6, 2014
    affected < 1.21.1-1.1fixed 1.21.1-1.1

    dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.

  • CVE-2011-4105Feb 17, 2012
    affected < 1.21.1-1.1fixed 1.21.1-1.1

    LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.