Jump to:

CVE-2018-14424

Jump to:

CVE-2018-14424

Package gdm updated to version 3.28.3-alt1 for branch sisyphus in task 211356.

Published: 2018-08-14
Modified: 2024-11-21

CVE-2018-14424

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

105179
105179
https://gitlab.gnome.org/GNOME/gdm/issues/401
https://gitlab.gnome.org/GNOME/gdm/issues/401
[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update
[debian-lts-announce] 20180905 [SECURITY] [DLA 1494-1] gdm3 security update
USN-3737-1
USN-3737-1
DSA-4270
DSA-4270

Version: 2.1.0

Package gdm update in sisyphus on 2018-08-14

ALT-PU-2018-2142-1

Closed vulnerabilities

CVE-2018-14424