Updated sddm packages fix security vulnerabilities
Publication date: 03 Dec 2014Modification date: 03 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-7271 , CVE-2014-7272
Description
Sddm may in some cases allow unauthenticated logins as the sddm user (CVE-2014-7271). Sddm is vulnerable to a race condition in XAUTHORITY file generation (CVE-2014-7272). Sddm has been updated to version 0.10.0, fixing these issues and several other bugs, and adding new functionality. libxcb packages have been updated to work with sddm.
References
- https://bugs.mageia.org/show_bug.cgi?id=14238
- https://github.com/sddm/sddm/releases/tag/v0.10.0
- https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141494.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7271
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7272
SRPMS
4/core
- sddm-0.10.0-1.mga4
- libxcb-1.9.1-2.1.mga4