Advisories ยป MGASA-2014-0026

Updated lightdm-gtk-greeter fixes CVE-2014-0979

Publication date: 24 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-0979


Updated lightdm-gtk-greeter package fixes security vulnerability:

lightdm-gtk-greeter uses the lightdm-gobject API incorrectly and does not
handle lightdm_greeter_get_authentication_user() returning NULL when the
username of the previous authentication is invalid resulting in a NULL pointer
dereference in start_authentication(). This constitutes a local denial of
service which can be triggered by any unprivileged attacker requiring the
intervention of an administrator to restart lightdm (CVE-2014-0979).