Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

openSUSE Leap 15.0: 2018:2818-1 Moderate: GDM Denial of Service Risk

opensuse
Calendar Grey September 24, 2018
Dist Opensuse Esm H88
openSUSE Security Update: Security update for gdm Announcement ID: openSUSE-SU-2018:2818-1 Rating: m
An update that solves one vulnerability and has two fixes is now available.

Description

This update for gdm provides the following fixes:

This security issue was fixed:

- CVE-2018-14424: The daemon in GDM did not properly unexport display

objects from its D-Bus interface when they are destroyed, which allowed

a local attacker to trigger a use-after-free via a specially crafted

sequence of D-Bus method calls, resulting in a denial of service or

potential code execution (bsc#1103737)

These non-security issues were fixed:

- Enable pam_keyinit module (bsc#1081947)

- Fix a build race in SLE (bsc#1103093)

This update was imported from the SUSE:SLE-15:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1037=1

Package List

- openSUSE Leap 15.0 (x86_64):

gdm-3.26.2.1-lp150.11.3.1

gdm-debuginfo-3.26.2.1-lp150.11.3.1

gdm-debugsource-3.26.2.1-lp150.11.3.1

gdm-devel-3.26.2.1-lp150.11.3.1

libgdm1-3.26.2.1-lp150.11.3.1

libgdm1-debuginfo-3.26.2.1-lp150.11.3.1

typelib-1_0-Gdm-1_0-3.26.2.1-lp150.11.3.1

- openSUSE Leap 15.0 (noarch):

gdm-branding-upstream-3.26.2.1-lp150.11.3.1

gdm-lang-3.26.2.1-lp150.11.3.1

gdmflexiserver-3.26.2.1-lp150.11.3.1

References

https://www.suse.com/security/cve/CVE-2018-14424.html

https://bugzilla.suse.com/show_bug.cgi?id=1081947

https://bugzilla.suse.com/show_bug.cgi?id=1103093

https://bugzilla.suse.com/show_bug.cgi?id=1103737

--

Announcement ID: openSUSE-SU-2018:2818-1
Rating: moderate
Affected Products: openSUSE Leap 15.0 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.