Описание
Security update for gnome-settings-daemon
This update for gnome-settings-daemon fixes the following issues:
- CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
gnome-settings-daemon-41.0-150500.4.3.1
gnome-settings-daemon-devel-41.0-150500.4.3.1
gnome-settings-daemon-lang-41.0-150500.4.3.1
openSUSE Leap 15.5
gnome-settings-daemon-41.0-150500.4.3.1
gnome-settings-daemon-devel-41.0-150500.4.3.1
gnome-settings-daemon-lang-41.0-150500.4.3.1
Ссылки
- Link for SUSE-SU-2024:2168-1
- E-Mail link for SUSE-SU-2024:2168-1
- SUSE Security Ratings
- SUSE Bug 1226423
- SUSE CVE CVE-2024-38394 page
Описание
** DISPUTED ** Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:gnome-settings-daemon-41.0-150500.4.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:gnome-settings-daemon-devel-41.0-150500.4.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:gnome-settings-daemon-lang-41.0-150500.4.3.1
openSUSE Leap 15.5:gnome-settings-daemon-41.0-150500.4.3.1
Ссылки
- CVE-2024-38394
- SUSE Bug 1226423