CVE-2018-13054

CVE-2018-13054 affects Cinnamon 1.9.2–3.8.6 where cinnamon-settings-users.py runs as root and can overwrite any user’s ~/.face via symlink pointing to an arbitrary location, enabling a possible privilege escalation. Connected advisories (openSUSE, Fedora, SUSE, Mageia, Ubuntu) report a fix for th...