| Summary: | sddm new security issue CVE-2020-28049 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | geiger.david68210, ouaurelien, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA7-64-OK | | |
| Source RPM: | sddm-0.18.1-3.mga7.src.rpm | CVE: | CVE-2020-28049 |
| Status comment: | | | |

Description
David Walser
2020-11-06 00:19:17 CET

David Walser
2020-11-06 00:19:34 CET
Whiteboard: (none) => MGA7TOO

More information: https://www.openwall.com/lists/oss-security/2020/11/04/2

Fixed both Cauldron and mga7!

CC: (none) => geiger.david68210

Advisory:
========================

Updated sddm package fixes security vulnerability:

Fabian Vogt discovered a flaw in sddm before 0.19.0. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges (CVE-2020-28049).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28049
https://www.debian.org/security/2020/dsa-4783
========================

Updated packages in core/updates_testing:
========================
sddm-0.18.1-3.1.mga7

from sddm-0.18.1-3.1.mga7.src.rpm

Assignee: kde => qa-bugs

Testing this on M7 Plasma x86_64 and Cauldron. Package updated successfully. Reboot get proper X GUI to log in. Plasma X session is OK.

MGA7-64-OK

Validating this.

Advisory pushed to SVN.

Whiteboard: (none) => MGA7-64-OK

Aurelien Oudelet
2020-11-10 09:10:42 CET
CVE: (none) => CVE-2020-28049

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0412.html

Resolution: (none) => FIXED