ArchLinux: 201903-3: gdm: access restriction bypass
Summary
- CVE-2019-3820 (access restriction bypass)
A partial screen lock bypass via keybindings has been found in gdm
< 3.30.2, allowing a local attacker to unlock a session under certain
circumstances.
- CVE-2019-3825 (access restriction bypass)
An issue has been found in gdm <= 3.30.2, allowing a local attacker
with valid credentials to unlock the session for a different user than
their own.
Resolution
Upgrade to 3.30.3-1.
# pacman -Syu "gdm>=3.30.3-1"
The problems have been fixed upstream in version 3.30.3.
References
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/851
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825
https://gitlab.gnome.org/GNOME/gdm/-/issues/460
https://security.archlinux.org/CVE-2019-3820
https://security.archlinux.org/CVE-2019-3825
Workaround
None.