Описание
Security update for sddm
This update for sddm fixes the following issue:
- Fix X not having access control on startup (boo#1177201, CVE-2020-28049).
Список пакетов
openSUSE Leap 15.1
sddm-0.18.0-lp152.5.3.1
sddm-branding-openSUSE-0.18.0-lp152.5.3.1
sddm-branding-upstream-0.18.0-lp152.5.3.1
openSUSE Leap 15.2
sddm-0.18.0-lp152.5.3.1
sddm-branding-openSUSE-0.18.0-lp152.5.3.1
sddm-branding-upstream-0.18.0-lp152.5.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:1870-1
- SUSE Security Ratings
- SUSE Bug 1177201
- SUSE CVE CVE-2020-28049 page
Описание
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
Затронутые продукты
openSUSE Leap 15.1:sddm-0.18.0-lp152.5.3.1
openSUSE Leap 15.1:sddm-branding-openSUSE-0.18.0-lp152.5.3.1
openSUSE Leap 15.1:sddm-branding-upstream-0.18.0-lp152.5.3.1
openSUSE Leap 15.2:sddm-0.18.0-lp152.5.3.1
Ссылки
- CVE-2020-28049
- SUSE Bug 1177201