What Are You Looking For?

Sign Up
MGASA-2020-0412 - Updated sddm package fixes a security vulnerability

Publication date: 10 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0412.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-28049

Fabian Vogt discovered a flaw in sddm before 0.19.0. A local attacker can take
advantage of a race condition when creating the Xauthority file to escalate
privileges (CVE-2020-28049).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27565
- https://www.debian.org/security/2020/dsa-4783
- https://www.openwall.com/lists/oss-security/2020/11/04/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28049

SRPMS:
- 7/core/sddm-0.18.1-3.1.mga7

Mageia 2020-0412: sddm security update

Fabian Vogt discovered a flaw in sddm before 0.19.0

Summary

Fabian Vogt discovered a flaw in sddm before 0.19.0. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges (CVE-2020-28049).

References

- https://bugs.mageia.org/show_bug.cgi?id=27565

- https://www.debian.org/security/2020/dsa-4783

- https://www.openwall.com/lists/oss-security/2020/11/04/2

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28049

Resolution

MGASA-2020-0412 - Updated sddm package fixes a security vulnerability

SRPMS

- 7/core/sddm-0.18.1-3.1.mga7

Severity
Publication date: 10 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0412.html
Type: security
CVE: CVE-2020-28049

Related News

GNOME Linux Systems Exposed to RCE Attacks Via File Downloads

Oct 9, 2023

Linux Malware: What To Know About the Malware Threat

Aug 21, 2023

Kubernetes vs. Docker: Exploring the Synergy in Containerization

Apr 10, 2023

Microsoft Opens Azure Confidential Containers to Public Preview

Mar 6, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo