ArchLinux: 201903-3: gdm: access restriction bypass

    Date: 04 Mar 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package gdm before version 3.30.3-1 is vulnerable to access restriction bypass.
    Arch Linux Security Advisory ASA-201903-3
    =========================================
    
    Severity: High
    Date    : 2019-03-03
    CVE-ID  : CVE-2019-3820 CVE-2019-3825
    Package : gdm
    Type    : access restriction bypass
    Remote  : No
    Link    : https://security.archlinux.org/AVG-879
    
    Summary
    =======
    
    The package gdm before version 3.30.3-1 is vulnerable to access
    restriction bypass.
    
    Resolution
    ==========
    
    Upgrade to 3.30.3-1.
    
    # pacman -Syu "gdm>=3.30.3-1"
    
    The problems have been fixed upstream in version 3.30.3.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-3820 (access restriction bypass)
    
    A partial screen lock bypass via keybindings has been found in gdm <=
    3.30.2, allowing a local attacker to unlock a session under certain
    circumstances.
    
    - CVE-2019-3825 (access restriction bypass)
    
    An issue has been found in gdm <= 3.30.2, allowing a local attacker
    with valid credentials to unlock the session for a different user than
    their own.
    
    Impact
    ======
    
    A local attacker can unlock a session if they have other valid
    credentials, or under certain circumstances.
    
    References
    ==========
    
    https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3825
    https://gitlab.gnome.org/GNOME/gdm/issues/460
    https://security.archlinux.org/CVE-2019-3820
    https://security.archlinux.org/CVE-2019-3825
    
