Advisories » MGASA-2018-0056

Updated gdm packages fix security vulnerability

Publication date: 03 Jan 2018
Modification date: 03 Jan 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-12164

Description

Updated gdm packages fix security vulnerability:

A flaw was discovered in the gdm where gdm greeter was no longer setting
the ran_once boolean during autologin. If autologin was enable for a
victim, an attacker could simply select 'login as another user' to unlock
their screen (CVE-2017-12164).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21717
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CUDXKEMLQPVFJP52PBLEOLKUMYUY25UJ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12164

SRPMS

6/core

• gdm-3.24.3-1.mga6