You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa gdm3

Sigurnosni nedostatak programskog paketa gdm3

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4614-1
November 03, 2020

gdm3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS

Summary:

GDM could be made to create privileged users.

Software Description:
– gdm3: GNOME Display Manager

Details:

Kevin Backhouse discovered that GDM incorrectly launched the initial setup
tool when the accountsservice daemon was not reachable. A local attacker
able to cause accountsservice to crash or stop responding could trick GDM
into launching the initial setup tool and create a privileged user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
gdm3 3.38.1-2ubuntu1.1

Ubuntu 20.04 LTS:
gdm3 3.36.3-0ubuntu0.20.04.2

Ubuntu 18.04 LTS:
gdm3 3.28.3-0ubuntu18.04.6

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4614-1
CVE-2020-16125

Package Information:
https://launchpad.net/ubuntu/+source/gdm3/3.38.1-2ubuntu1.1
https://launchpad.net/ubuntu/+source/gdm3/3.36.3-0ubuntu0.20.04.2
https://launchpad.net/ubuntu/+source/gdm3/3.28.3-0ubuntu18.04.6

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl+hgpEACgkQZWnYVadE
vpPwQw/6A6Bh5+WLm5Dagzvf/VagR/BNvGnQCvqNfj4pqOYRuxlxdrDRKfOilxww
PbCc1vXoCi2MAmSCvT1myreP6uEzhhh6k4FD9qLHMGW0n/mP9d0HrA6GdCOkl5nG
XYobgPWwOLuXq7uUMCKZN05pgiqjf1O/V/KEuhsNYaydZRqEy1v8nk9rtDRpF9A/
I3Um15c37dO8lGw3klWQMCeu4UVSYY57xLFgP8+cHegCRUaupHYpe/163oPhbq62
3kQ4vcJTq/+Nss48SNCgQH/ybYcEcNgipDUVCi8Sb/qt+PQyjnLt8/5JUJ9b0xPz
g7TTdgO9VTURedTZ3LqMHRhIlazCg6jytUTrkroZfvHsDcSgkTb84tBYb41ufwB3
y97NUY0OpmEE36RonmuJS4rM9qpjry2MQZJC3weuHkQOmVjffrti/lD7x/Ma1kC5
eXaRs17WC8CMO56AWHx8j9Dp6dTKtBvxaS4j7oTTrt9sumX2l/glQq9vdE750nXo
42Qn1Hl5bEFUoBSydAY1QkNAscjTew+Q1aMLqAunrf2U48RGJiggAZtlaYqQjZPO
bCjfZIYsSQkPDorhDY6xQC426MzJ446WqJ6bEdrQZX+ArxCC8bPjPbWowtyzwhFW
ajpS6TnpI7p7TOxPOZcGjZHixLJaya7csn6afjhT+XNUMfY7joE=
=v6Zx
—–END PGP SIGNATURE—–

AutorBruno Varga
Cert idNCERT-REF-2020-11-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa AccountsService

Otkriveni su sigurnosni nedostaci u programskom paketu AccountsService za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja...

Close