Overview

File _patchinfo of Package patchinfo.8764

<patchinfo incident="8764">
  <issue id="1103737" tracker="bnc">VUL-0: CVE-2018-14424: gdm: Use-after-free in GDM</issue>
  <issue id="2018-14424" tracker="cve" />
  <issue tracker="bnc" id="1103093">gdm SUSEPasswordlessEnable missing in gdm.schemas</issue>
  <issue tracker="bnc" id="1081947">PAM module pam_keyinit is still not integrated in the SUSE PAM stack</issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>zhangxiaofei</packager>
  <description>This update for gdm provides the following fixes:

This security issue was fixed:

- CVE-2018-14424: The daemon in GDM did not properly unexport display objects
  from its D-Bus interface when they are destroyed, which allowed a local
  attacker to trigger a use-after-free via a specially crafted sequence of D-Bus
  method calls, resulting in a denial of service or potential code execution
  (bsc#1103737)

These non-security issues were fixed:

- Enable pam_keyinit module (bsc#1081947)
- Fix a build race in SLE (bsc#1103093)

This update was imported from the SUSE:SLE-15:Update update project.</description>
  <summary>Security update for gdm</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places