Security update for gdm
This update for gdm provides the following fixes:
This security issue was fixed:
- CVE-2018-14424: The daemon in GDM did not properly unexport display objects
from its D-Bus interface when they are destroyed, which allowed a local
attacker to trigger a use-after-free via a specially crafted sequence of D-Bus
method calls, resulting in a denial of service or potential code execution
(bsc#1103737)
These non-security issues were fixed:
- Enable pam_keyinit module (bsc#1081947)
- Fix a build race in SLE (bsc#1103093)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Felix Zhang (zhangxiaofei)
Fixed bugs
bnc#1103737
VUL-0: CVE-2018-14424: gdm: Use-after-free in GDM
bnc#1103093
gdm SUSEPasswordlessEnable missing in gdm.schemas
bnc#1081947
PAM module pam_keyinit is still not integrated in the SUSE PAM stack
