You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa sddm

Sigurnosni nedostaci programskog paketa sddm

——————————————————————————–
Fedora Update Notification
FEDORA-2014-12308
2014-10-08 17:46:38
——————————————————————————–

Name : sddm
Product : Fedora 20
Version : 0.9.0
Release : 2.20141007git6a28c29b.fc20
URL : https://github.com/sddm/sddm
Summary : QML based X11 desktop manager
Description :
SDDM is a modern display manager for X11 aiming to be fast, simple and
beautiful. It uses modern technologies like QtQuick, which in turn gives the
designer the ability to create smooth, animated user interfaces.

——————————————————————————–
Update Information:

Bump to latest upstream git (and a new release), fixes CVE-2014-7271 and CVE-2014-7272
——————————————————————————–
ChangeLog:

* Thu Oct 9 2014 Martin Briza <mbriza@redhat.com> – 0.9.0-2.20141007git6a28c29b
– Remove pam_gnome_keyring.so (temporarily) from sddm.pam to fix impossibility to log out
– Resolves: #1150283
* Tue Oct 7 2014 Martin Briza <mbriza@redhat.com> – 0.9.0-1.20141007git6a28c29b
– Bump to latest upstream git (and a new release)
– Hack around focus problem in the Fedora theme
– Compile against Qt5
– Removed upstreamed patch and files
– Resolves: #1114192 #1119777 #1123506 #1125129 #1140386 #1112841 #1128463 #1128465 #1149608 #1149628 #1148659 #1148660 #1149610 #1149629
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 0.2.0-0.32.20140627gitf49c2c79
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun 27 2014 Martin Briza <mbriza@redhat.com> – 0.2.0-0.31.20140627gitf49c2c79
– Patch unitialized values in signal handler in the daemon
* Fri Jun 27 2014 Martin Briza <mbriza@redhat.com> – 0.2.0-0.30.20140627gitf49c2c79
– Bump to latest upstream, switch back to sddm project
– Drop sddm.service
– Enable manpage and journald support
* Tue Jun 24 2014 Martin Briza <mbriza@redhat.com> – 0.2.0-0.29.20140623gitdb1d7381
– Fix default config to respect the new /usr/share paths
– Fixed multiple users after autologin
* Mon Jun 23 2014 Martin Briza <mbriza@redhat.com> – 0.2.0-0.28.20140623gitdb1d7381
– Fix Requires, release
* Mon Jun 23 2014 Martin Briza <mbriza@redhat.com> – 0.2.0-0.27.20131125gitdb1d7381
– Updated to the latest upstream git
– Notable changes: Greeter runs under the sddm user, it’s possible to configure display setup, different install paths in /usr/share
– Resolves: #1034414 #1035939 #1035950 #1036308 #1038548 #1045722 #1045937 #1065715 #1082229 #1007067 #1027711 #1031745 #1008951 #1016902 #1031415 #1020921
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 0.2.0-0.26.20131125git7a008602
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 1 2014 Rex Dieter <rdieter@fedoraproject.org> 0.2.0-0.25.20131125git7a008602
– update pam config (+pam_kwallet,-pam_mate_keyring)
* Mon Jan 27 2014 Adam Jackson <ajax@redhat.com> 0.2.0-0.24.20131125git7a008602
– Rebuild for new sonames in libxcb 1.10
* Mon Dec 16 2013 Martin Briza <mbriza@redhat.com> – 0.2.0-0.23.20131125git7a008602
– Revert all work done on authentication, doesn’t support multiple logins right now
* Mon Nov 25 2013 Martin Briza <mbriza@redhat.com> – 0.2.0-0.22.20131125git7a008602
– Fix saving of last session and user
* Mon Nov 25 2013 Martin Briza <mbriza@redhat.com> – 0.2.0-0.21.20131125git7a008602
– Rebase to current upstream
– Fix the theme (and improve it by a bit)
– Fix the authentication stack
– Don’t touch numlock on startup
– Disabled the XDMCP server until it’s accepted upstream
– Resolves: #1016902 #1028799 #1031415 #1031745 #1020921 #1008951 #1004621
* Tue Nov 5 2013 Martin Briza <mbriza@redhat.com> – 0.2.0-0.20.20130914git50ca5b20
– Fix xdisplay and tty vars
* Tue Nov 5 2013 Martin Briza <mbriza@redhat.com> – 0.2.0-0.19.20130914git50ca5b20
– Patch cleanup
* Tue Nov 5 2013 Martin Briza <mbriza@redhat.com> – 0.2.0-0.18.20130914git50ca5b20
– Cmake magic
* Tue Nov 5 2013 Martin Briza <mbriza@redhat.com> – 0.2.0-0.17.20130914git50ca5b20
– Rewritten the authentication stack to work right with PAM
——————————————————————————–
References:

[ 1 ] Bug #1149608 – CVE-2014-7271 sddm: user “sddm” can login without authentication.
https://bugzilla.redhat.com/show_bug.cgi?id=1149608
[ 2 ] Bug #1148659 – sddm: multiple flaws in SDDM display manager leading to privilege escalation to root
https://bugzilla.redhat.com/show_bug.cgi?id=1148659
[ 3 ] Bug #1149610 – CVE-2014-7272 sddm: several local privileges escalation issues
https://bugzilla.redhat.com/show_bug.cgi?id=1149610
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update sddm’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa torque

Otkriven je sigurnosni nedostatak u programskom paketu torque. Otkriveni nedostatak se javlja kod pozivanja tm_adopt() funkcije. Potencijalnim napadačima omogućuje izvođenje...

Close