Security update for sddm
This update for sddm fixes the following issues:
The following security vulnerability was addressed:
- CVE-2018-14345: Fixed the authentication, which did not check the password
for users with an already existing session and allowed any user with access
to the system bus to unlock any graphical session. (boo#1101450)
The following other bugs were addressed:
- Fallback to embedded theme, if none is set
- Corrected section name for Wayland
- Removed patch, which is no longer needed, because bug in libxcb was fixed
in the meanwhile (boo#1099908)
-
Submitted by
Fabian Vogt (Vogtinator)
Fixed bugs
bnc#1101450
VUL-0: CVE-2018-14345: sddm: unlock existing sessions without authentication if ReuseSession=true
bnc#1099908
sddm erase the whole content of ~/.Xauthority
