It was found that when XDMCP sercer is enabled and LightDM receives an XDMCP Request packet with no addresses, it will attempt to access a negative index into an array, causing denial of service. CVE assignment: http://seclists.org/oss-sec/2015/q4/352
Created lightdm tracking bugs for this issue: Affects: fedora-all [bug 1284575]
per linked fedora bug, According to the CVE_2015-8316 text, "some versions of LightDM (1.14 and 1.16 series) are vulnerable". Fedora (and EPEL) ship lightdm-1.10.x, so it would appear we are safe, closing.