Advisories » MGASA-2014-0504

Updated sddm packages fix security vulnerabilities

Publication date: 03 Dec 2014
Modification date: 03 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-7271 , CVE-2014-7272

Description

Sddm may in some cases allow unauthenticated logins as the sddm user
(CVE-2014-7271).

Sddm is vulnerable to a race condition in XAUTHORITY file generation
(CVE-2014-7272).

Sddm has been updated to version 0.10.0, fixing these issues and several
other bugs, and adding new functionality.

libxcb packages have been updated to work with sddm.

References

SRPMS

4/core

sddm-0.10.0-1.mga4
libxcb-1.9.1-2.1.mga4