Bug 17210

Summary: lightdm new security issue CVE-2015-8316
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, herman.viaene, jani.valimaa, shlomif, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/666130/
Whiteboard: has_procedure MGA5-64-OK MGA5-32-OK advisory
Source RPM: lightdm-1.14.2-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-11-23 20:23:58 CET 
A CVE was assigned for a denial of service issue in lightdm:
http://openwall.com/lists/oss-security/2015/11/22/1

The issue is fixed upstream in 1.14.4 and 1.16.6 (already in Cauldron).

Reproducible: 

Steps to Reproduce:
Comment 1 Jani Välimaa 2015-11-23 21:12:46 CET 
Pushed 1.14.4 to mga5 core/updates_testing:

SRPM:
lightdm-1.14.4-1.mga5

RPMS:
lightdm-1.14.4-1.mga5
lib(|64)lightdm-gobject1_0-1.14.4-1.mga5
lib(|64)lightdm-gir1-1.14.4-1.mga5
lib(|64)lightdm-gobject-devel-1.14.4-1.mga5
lib(|64)lightdm-qt5_3_0-1.14.4-1.mga5
lib(|64)lightdm-qt5-devel-1.14.4-1.mga5
lib(|64)lightdm-qt3_0-1.14.4-1.mga5
lib(|64)lightdm-qt-devel-1.14.4-1.mga5

Will provide advisory later when I've more time and if no-one hasn't provided it before me.

CC: (none) => jani.valimaa
Assignee: jani.valimaa => qa-bugs

Comment 2 Shlomi Fish 2015-11-26 22:02:59 CET 
lightdm after the updates is working fine on Mageia Linux x86-64 v5. On my Acer Laptop. I Was able to reboot to it and log in (after setting it up as the display manager on MCC). Would testing MGA5-32 be adequate if tested in VBox or KVM?

CC: (none) => shlomif
Whiteboard: (none) => MGA5-64-OK

Comment 3 Herman Viaene 2015-11-27 10:24:58 CET 
MGA5-32 on Acer D620 Xfce
No installation issues
Works fine.

CC: (none) => herman.viaene
Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK

Comment 4 claire robinson 2015-11-27 11:59:32 CET 
Validating. Thanks.

Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK MGA5-32-OK => has_procedure MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs

Dave Hodgins 2015-11-27 22:48:19 CET

CC: (none) => davidwhodgins
Whiteboard: has_procedure MGA5-64-OK MGA5-32-OK => has_procedure MGA5-64-OK MGA5-32-OK advisory

Comment 5 Mageia Robot 2015-11-28 00:12:04 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0461.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-11-30 18:58:24 CET

URL: (none) => http://lwn.net/Vulnerabilities/666130/