Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 21 Nov 2015 14:52:52 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE request for LightDM - XDMCP denial of service

Hi,

it seems that some versions of LightDM (1.14 and 1.16 series) are vulnerable
to a denial of service when XDMCP server is enabled. When that's the case, an
XDMCP request with no address will crash LightDM.

More information can be found in https://bugs.launchpad.net/lightdm/+bug/15168
31 and the bug is fixed with 1.14.4 and 1.16.6 (and development release
1.17.2).

Can a CVE be assigned to this?

Thanks in advance,
-- 
Yves-Alexis


Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ