diff -u lightdm-1.18.3/debian/changelog lightdm-1.18.3/debian/changelog
--- lightdm-1.18.3/debian/changelog
+++ lightdm-1.18.3/debian/changelog
@@ -1,3 +1,13 @@
+lightdm (1.18.3-0ubuntu1.1) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: Directory traversal allowing arbitrary directory
+ ownership and privilege escalation (LP: #1677924)
+ - debian/guest-account.sh: Detect existing malicious guest user home dirs
+ before proceeding with guest user creation
+ - CVE-2017-7358
+
+ -- Tyler Hicks Fri, 31 Mar 2017 16:04:04 +0000
+
 lightdm (1.18.3-0ubuntu1) xenial; urgency=medium
 
 * New upstream release:
diff -u lightdm-1.18.3/debian/guest-account.sh lightdm-1.18.3/debian/guest-account.sh
--- lightdm-1.18.3/debian/guest-account.sh
+++ lightdm-1.18.3/debian/guest-account.sh
@@ -35,7 +35,13 @@
 temp_home=$(mktemp -td guest-XXXXXX)
 GUEST_HOME=$(echo ${temp_home} | tr '[:upper:]' '[:lower:]')
 GUEST_USER=${GUEST_HOME#/tmp/}
- [ ${GUEST_HOME} != ${temp_home} ] && mv ${temp_home} ${GUEST_HOME}
+ if [ "${GUEST_HOME}" != "${temp_home}" ]; then
+ mkdir "${GUEST_HOME}" || {
+ echo "Failed to create ${GUEST_USER}'s home directory (${GUEST_HOME})"
+ exit 1
+ }
+ rmdir "${temp_home}"
+ fi
 
 # if ${GUEST_USER} already exists, it must be a locked system account with no existing
 # home directory
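Review bot: `mkdir "${GUEST_HOME}"` in the new `if` branch creates the directory with a umask-derived mode, whereas the `mv` it replaces carried over the 0700 directory made by `mktemp -d`; unless something later in the script (outside this hunk) resets the mode, the guest home under /tmp can end up more permissive than before. `mkdir -m 700 "${GUEST_HOME}" || {` keeps the old permissions and still fails when the path already exists, which is the check this fix relies on. The failure branch also exits without removing `${temp_home}` and reports on stdout; a `rmdir "${temp_home}"` before `exit 1` and `>&2` on the `echo` would tidy that. The enclosing block begins and ends outside the hunk.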