Ryan Lortie

**Name of the Vulnerable Software and Affected Versions** Light Display Manager (lightdm) versions 1.0.x through 1.0.5 Light Display Manager (lightdm) versions 1.1.x through 1.1.6 **Description** The issue allows local users to delete arbitrary files via a space in the name of a file in /tmp. **Recommendations** For Light Display Manager (lightdm) versions 1.0.x through 1.0.5, update to version 1.0.6 or later. For Light Display Manager (lightdm) versions 1.1.x through 1.1.6, update to version 1.1.7 or later.

**Name of the Vulnerable Software and Affected Versions** gdm-guest-session versions 0.24 and earlier **Description** The issue allows local users to delete arbitrary files via a space in the name of a file in /tmp. This is related to the gdm/guest-session-cleanup.sh script in gdm-guest-session. **Recommendations** For gdm-guest-session versions 0.24 and earlier, consider restricting access to the /tmp directory to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using filenames with spaces in the /tmp directory.