oval:org.secpod.oval:def:89043747
This update for gdm fixes the following security issue: - CVE-2018-14424: The daemon in GDM did not properly unexport display objects from its D-Bus interface when they are destroyed, which allowed a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, r ...

oval:org.secpod.oval:def:2102505
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution ...

oval:org.secpod.oval:def:51104
gdm3: GNOME Display Manager GDM could be made to crash or run programs as the administrator.

oval:org.secpod.oval:def:114966
GDM, the GNOME Display Manager, handles authentication-related backend functionality for logging in a user and unlocking the user's session after it's been locked. GDM also provides functionality for initiating user-switching, so more than one user can be logged in at the same time. It handl ...

oval:org.secpod.oval:def:704276
gdm3: GNOME Display Manager GDM could be made to crash or run programs as the administrator.

oval:org.secpod.oval:def:89049677
This update for gdm provides the following fixes: This security issue was fixed: - CVE-2018-14424: The daemon in GDM did not properly unexport display objects from its D-Bus interface when they are destroyed, which allowed a local attacker to trigger a use-after-free via a specially crafted sequence ...

oval:org.secpod.oval:def:53394
Chris Coulson discovered a use-after-free flaw in the GNOME Display Manager, triggerable by an unprivileged user via a specially crafted sequence of D-Bus method calls, leading to denial of service or potentially the execution of arbitrary code.

oval:org.secpod.oval:def:603485
Chris Coulson discovered a use-after-free flaw in the GNOME Display Manager, triggerable by an unprivileged user via a specially crafted sequence of D-Bus method calls, leading to denial of service or potentially the execution of arbitrary code.