Fedora has issued an advisory today (September 15):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CUDXKEMLQPVFJP52PBLEOLKUMYUY25UJ/

The issue is fixed upstream in 3.24.3. Mageia 5 is not affected.
Assignee: bugsquad => gnome
CC: (none) => marja11
QA Contact: (none) => security
Component: RPM Packages => Security
Advisory:
========================

Updated gdm packages fix security vulnerability:

A flaw was discovered in the gdm where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen (CVE-2017-12164).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12164
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CUDXKEMLQPVFJP52PBLEOLKUMYUY25UJ/
========================

Updated packages in core/updates_testing:
========================
gdm-3.24.3-1.mga6
libgdm1-3.24.3-1.mga6
libgdm-gir1.0-3.24.3-1.mga6
libgdm-devel-3.24.3-1.mga6

from gdm-3.24.3-1.mga6.src.rpm
Assignee: gnome => qa-bugs
Been running this for some days without issues
Whiteboard: (none) => MGA6-64-OK
CC: (none) => tmb
advisory added to svn
Keywords: (none) => advisory
Tested 32bit in virtualbox. validating.
Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0056.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED