ALT-PU-2024-8096-2

Package update gnome-remote-desktop in branch sisyphus

Version46.2-alt1

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (2)

HIGH7.5

Уязвимость пакета для удаленного подключения к компьютеру GNOME Remote Desktop, связанная с предоставлением элемента данных для ошибочного сеанса, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2024-07-23

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N

References

CVE-2024-5148

HIGH7.5

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition.

Published: 2024-09-02Modified: 2026-04-15

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References