| Summary: | gdm new security issue CVE-2017-12164 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | marja11, sysadmin-bugs, tmb |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-64-OK MGA6-32-OK | ||
| Source RPM: | gdm-3.24.2-1.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2017-09-16 05:03:46 CEST
Marja Van Waes
2017-09-16 21:21:53 CEST
Assignee:
bugsquad =>
gnome
David Walser
2017-09-16 22:07:29 CEST
QA Contact:
(none) =>
security Advisory: ======================== Updated gdm packages fix security vulnerability: A flaw was discovered in the gdm where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enable for a victim, an attacker could simply select 'login as another user' to unlock their screen (CVE-2017-12164). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12164 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CUDXKEMLQPVFJP52PBLEOLKUMYUY25UJ/ ======================== Updated packages in core/updates_testing: ======================== gdm-3.24.3-1.mga6 libgdm1-3.24.3-1.mga6 libgdm-gir1.0-3.24.3-1.mga6 libgdm-devel-3.24.3-1.mga6 from gdm-3.24.3-1.mga6.src.rpm Assignee:
gnome =>
qa-bugs Been running this for some days without issues Whiteboard:
(none) =>
MGA6-64-OK advisory added to svn Keywords:
(none) =>
advisory Tested 32bit in virtualbox. validating. Whiteboard:
MGA6-64-OK =>
MGA6-64-OK MGA6-32-OK An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0056.html Status:
NEW =>
RESOLVED |