Red Hat Bugzilla – Bug 1284460
CVE-2015-8308 lxdm: X server started without -auth, exposing it to connections form any local user
Last modified: 2015-11-24 03:40:10 EST
LXDM before 0.5.2 did not start X server with -auth parameter.
Therefore any user able to connect to it (typically all local users)
would have their X connections accepted. The issue was fixed via:
Additional information is available in bug 1268900.
This was already fixed in all Fedora versions via bug 1268900.