Advisories » MGASA-2015-0429

Updated sddm packages fixes security vulnerability

Publication date: 05 Nov 2015
Modification date: 05 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-0856

Description

Pavel Avgustinov discovered that SDDM does not disable the KDE crash
handler, and certain themes would allow shell access to the sddm user as a
result in case of a crash (CVE-2015-0856).

Only SDDM users using the Breeze theme from plasma-workspace are affected.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16966
• http://openwall.com/lists/oss-security/2015/10/14/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0856

SRPMS

5/core

• sddm-0.11.0-1.1.mga5