ALT Linux Team

Package gdm update in sisyphus on 2020-12-15

ALT-PU-2020-3514-1

Package gdm updated to version 3.38.2.1-alt1 for branch sisyphus in task 263493.

Closed vulnerabilities

Published: 2020-12-28
Modified: 2024-11-21

CVE-2020-27837

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.

Severity: MEDIUM (6.4) Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top