Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
202
security advisorymoderatesecurity updateopenSUSE: 2020:1899-1 Moderate: sddm Access Control Issue
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for sddm ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1899-1 Rating: moderate References: #1177201 Cross-References: CVE-2020-28049 Affected Products: openSUSE Backports SLE-15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sddm fixes the following issue: - Fix X not having access control on startup (boo#1177201, CVE-2020-28049). This update was imported from the openSUSE:Leap:15.2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2020-1899=1 Package List: - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64): sddm-0.18.0-bp152.5.3.1 sddm-branding-SLE-0.18.0-bp152.5.3.1 sddm-branding-openSUSE-0.18.0-bp152.5.3.1 sddm-branding-upstream-0.18.0-bp152.5.3.1 References: https://www.suse.com/security/cve/CVE-2020-28049.html https://bugzilla.suse.com/1177201 _______________________________________________ openSUSE Security Announce mailing list --
Nov 11, 2020
OpenSUSE
198
security advisoryprivilege escalationmedium severityArch Linux: ASA-202011-8 Medium: sddm Privilege Escalation Alert
The package sddm before version 0.19.0-1 is vulnerable to privilege escalation. . Arch Linux Security Advisory ASA-202011-8 ======================================== Severity: Medium Date : 2020-11-10 CVE-ID : CVE-2020-28049 Package : sddm Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1266 Summary ====== The package sddm before version 0.19.0-1 is vulnerable to privilege escalation. Resolution ========= Upgrade to 0.19.0-1. # pacman -Syu "sddm> =0.19.0-1" The problem has been fixed upstream in version 0.19.0. Workaround ========= None. Description ========== A local privilege escalation has been discovered in the sddm display manager < 0.19.0. If the auth file is empty, X allows any local application (= any user on the system) to connect. This is currently the case until X wrote the display number to sddm and sddm used that to write the entry into the file. Impact ===== A local user might be able to escalate privileges. References ========= https://www.openwall.com/lists/oss-security/2020/11/04/2 https://github.com/sddm/sddm/commit/be202f533ab98a684c6a007e8d5b4357846bc222 https://security.archlinux.org/CVE-2020-28049 . The Arch Linux Security Advisory ASA-2023-5 pertains to a moderate severity vulnerability in sddm that allows for privilege escalation, requiring timely patches.. Arch Linux, sddm, privilege escalation, security advisory. . Severity: Medium. LinuxSecurity.com Team
Nov 10, 2020
•Medium
ArchLinux
203
security advisorysecurity issuecriticalMageia: 2020-0412 Critical: sddm Race Condition Exploit
Fabian Vogt discovered a flaw in sddm before 0.19.0. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges (CVE-2020-28049). References: . MGASA-2020-0412 - Updated sddm package fixes a security vulnerability Publication date: 10 Nov 2020 URL: https://advisories.mageia.org/MGASA-2020-0412.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-28049 Fabian Vogt discovered a flaw in sddm before 0.19.0. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges (CVE-2020-28049). References: - https://bugs.mageia.org/show_bug.cgi?id=27565 - https://lists.debian.org/debian-security-announce/2020/msg00190.html - https://www.openwall.com/lists/oss-security/2020/11/04/2 - https://www.cve.org/CVERecord?id=CVE-2020-28049 SRPMS: - 7/core/sddm-0.18.1-3.1.mga7 . The new version of the sddm package addresses a critical security vulnerability in Mageia, improving overall system safety.. sddm security update,mageia privilege escalation,local attacker flaw,sddm race condition. . Severity: Critical. LinuxSecurity.com Team
Nov 10, 2020
•Critical
Mageia
202
security advisorymoderateupdateopenSUSE Leap 15.2: openSUSE-SU-2020:1870-1 Moderate: sddm Access Control
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for sddm ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1870-1 Rating: moderate References: #1177201 Cross-References: CVE-2020-28049 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sddm fixes the following issue: - Fix X not having access control on startup (boo#1177201, CVE-2020-28049). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-1870=1 - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-1870=1 Package List: - openSUSE Leap 15.2 (x86_64): sddm-0.18.0-lp152.5.3.1 sddm-branding-openSUSE-0.18.0-lp152.5.3.1 sddm-branding-upstream-0.18.0-lp152.5.3.1 sddm-debuginfo-0.18.0-lp152.5.3.1 sddm-debugsource-0.18.0-lp152.5.3.1 - openSUSE Leap 15.1 (x86_64): sddm-0.18.0-lp151.3.6.1 sddm-branding-openSUSE-0.18.0-lp151.3.6.1 sddm-branding-upstream-0.18.0-lp151.3.6.1 sddm-debuginfo-0.18.0-lp151.3.6.1 sddm-debugsource-0.18.0-lp151.3.6.1 References: https://www.suse.com/security/cve/CVE-2020-28049.html https://bugzilla.suse.com/1177201 -- . A recent update for openSUSE addressing sddm resolves a significant security vulnerability linked to CVE-2021-12345.. openSUSE Update, sddm Security, Access Control Issue, Security Patch, Moderate Rating. . LinuxSecurity.com Team
Nov 07, 2020
OpenSUSE
87
security advisorydebianprivilege escalationDebian: DSA-4783-1 Local Attack Risks in sddm Mitigated
Fabian Vogt discovered a flaw in sddm, a modern display manager for X11. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4783-1
Nov 05, 2020
•Important
Debian
202
security advisorymoderateauthentication issueopenSUSE Leap 15.0: 2018:2310-1 Moderate: sddm Authentication Issue
An update that solves one vulnerability and has one errata is now available.. openSUSE Security Update: Security update for sddm ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:2310-1 Rating: moderate References: #1099908 #1101450 Cross-References: CVE-2018-14345 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sddm fixes the following issues: The following security vulnerability was addressed: - CVE-2018-14345: Fixed the authentication, which did not check the password for users with an already existing session and allowed any user with access to the system bus to unlock any graphical session. (boo#1101450) The following other bugs were addressed: - Fallback to embedded theme, if none is set - Corrected section name for Wayland - Removed patch, which is no longer needed, because bug in libxcb was fixed in the meanwhile (boo#1099908) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2018-862=1 Package List: - openSUSE Leap 15.0 (x86_64): sddm-0.17.0-lp150.9.3.1 sddm-branding-openSUSE-0.17.0-lp150.9.3.1 sddm-branding-upstream-0.17.0-lp150.9.3.1 sddm-debuginfo-0.17.0-lp150.9.3.1 sddm-debugsource-0.17.0-lp150.9.3.1 References: https://www.suse.com/security/cve/CVE-2018-14345.html https://bugzilla.suse.com/1099908 https://bugzilla.suse.com/1101450 -- . openSUSE Security Update: Security update for sddm _________________________________________________. update, solves, vulnerability, errata,opensuse, security, updat. . LinuxSecurity.com Team
Aug 13, 2018
OpenSUSE
89
security advisoryupdateFedoraFedora 22: 2015:9f996ea146 Critical: sddm Access Control Issue
sddm-0.12.0-5.fc22 - Security fix for CVE-2015-0856 ---- Refresh to latest stable upstream release, see: https://github.com/sddm/sddm/wiki/ -Release-Announcement. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-9f996ea146 2015-11-12 21:42:38.336761 -------------------------------------------------------------------------------- Name : sddm Product : Fedora 22 Version : 0.12.0 Release : 5.fc22 URL : https://github.com/sddm/sddm Summary : QML based X11 desktop manager Description : SDDM is a modern display manager for X11 aiming to be fast, simple and beautiful. It uses modern technologies like QtQuick, which in turn gives the designer the ability to create smooth, animated user interfaces. -------------------------------------------------------------------------------- Update Information: sddm-0.12.0-5.fc22 - Security fix for CVE-2015-0856 ---- Refresh to latest stable upstream release, see: https://github.com/sddm/sddm/wiki/ -Release-Announcement -------------------------------------------------------------------------------- References: [ 1 ] Bug #1271992 - CVE-2015-0856 sddm: Access to the KDE crash handler https://bugzilla.redhat.com/show_bug.cgi?id=1271992 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update sddm' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Nov 13, 2015
•Critical
Fedora
89
security advisorycriticalFedoraFedora 23: Critical SDDM Access Issue Fix - CVE-2015-0856
sddm-0.12.0-5.fc23 - Security fix for CVE-2015-0856. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-b15b90eeaa 2015-10-31 16:04:40.594018 -------------------------------------------------------------------------------- Name : sddm Product : Fedora 23 Version : 0.12.0 Release : 5.fc23 URL : https://github.com/sddm/sddm Summary : QML based X11 desktop manager Description : SDDM is a modern display manager for X11 aiming to be fast, simple and beautiful. It uses modern technologies like QtQuick, which in turn gives the designer the ability to create smooth, animated user interfaces. -------------------------------------------------------------------------------- Update Information: sddm-0.12.0-5.fc23 - Security fix for CVE-2015-0856 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1271992 - CVE-2015-0856 sddm: Access to the KDE crash handler https://bugzilla.redhat.com/show_bug.cgi?id=1271992 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update sddm' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Oct 31, 2015
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!