Описание
Security update for gnome-settings-daemon
gnome-settings-daemon was updated to fix a bug and a security issue:
Security issue fixed:
- CVE-2014-7300: The lockscreen can be bypassed with the Print Screen button.
Bug fixed:
- Do not hide the cursor while there was no mutter running (bsc#905158).
Список пакетов
SUSE Linux Enterprise Desktop 12
gnome-settings-daemon-3.10.2-20.1
gnome-settings-daemon-lang-3.10.2-20.1
SUSE Linux Enterprise Server 12
gnome-settings-daemon-3.10.2-20.1
gnome-settings-daemon-lang-3.10.2-20.1
SUSE Linux Enterprise Server for SAP Applications 12
gnome-settings-daemon-3.10.2-20.1
gnome-settings-daemon-lang-3.10.2-20.1
SUSE Linux Enterprise Software Development Kit 12
gnome-settings-daemon-devel-3.10.2-20.1
Ссылки
- Link for SUSE-SU-2015:0515-1
- E-Mail link for SUSE-SU-2015:0515-1
- SUSE Security Ratings
- SUSE Bug 900031
- SUSE Bug 905158
- SUSE CVE CVE-2014-7300 page
Описание
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:gnome-settings-daemon-3.10.2-20.1
SUSE Linux Enterprise Desktop 12:gnome-settings-daemon-lang-3.10.2-20.1
SUSE Linux Enterprise Server 12:gnome-settings-daemon-3.10.2-20.1
SUSE Linux Enterprise Server 12:gnome-settings-daemon-lang-3.10.2-20.1
Ссылки
- CVE-2014-7300
- SUSE Bug 900031