Mageia Advisory: MGASA-2014-0026 - Updated lightdm-gtk-greeter fixes CVE-2014-0979

Updated lightdm-gtk-greeter fixes CVE-2014-0979

Publication date: 24 Jan 2014
Modification date: 24 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-0979

Description

Updated lightdm-gtk-greeter package fixes security vulnerability:

lightdm-gtk-greeter uses the lightdm-gobject API incorrectly and does not
handle lightdm_greeter_get_authentication_user() returning NULL when the
username of the previous authentication is invalid resulting in a NULL pointer
dereference in start_authentication(). This constitutes a local denial of
service which can be triggered by any unprivileged attacker requiring the
intervention of an administrator to restart lightdm (CVE-2014-0979).

References

http://openwall.com/lists/oss-security/2014/01/07/5
http://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html
https://bugs.mageia.org/show_bug.cgi?id=12238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0979

SRPMS

3/core

lightdm-gtk-greeter-1.3.1-6.1.mga3

Advisories » MGASA-2014-0026

Updated lightdm-gtk-greeter fixes CVE-2014-0979

Description

References

SRPMS

3/core