User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0026 (lightdm-gtk-greeter)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0026: Updated lightdm-gtk-greeter fixes CVE-2014-0979
Date:  Fri, 24 Jan 2014 22:01:38 +0100
Message-ID:  <20140124210138.9BFB943C8C@valstar.mageia.org>

MGASA-2014-0026 - Updated lightdm-gtk-greeter fixes CVE-2014-0979 Publication date: 24 Jan 2014 URL: http://advisories.mageia.org/MGASA-2014-0026.html Type: security Affected Mageia releases: 3 CVE: CVE-2014-0979 Description: Updated lightdm-gtk-greeter package fixes security vulnerability: lightdm-gtk-greeter uses the lightdm-gobject API incorrectly and does not handle lightdm_greeter_get_authentication_user() returning NULL when the username of the previous authentication is invalid resulting in a NULL pointer dereference in start_authentication(). This constitutes a local denial of service which can be triggered by any unprivileged attacker requiring the intervention of an administrator to restart lightdm (CVE-2014-0979). References: - http://openwall.com/lists/oss-security/2014/01/07/5 - http://lists.opensuse.org/opensuse-updates/2014-01/msg000... - https://bugs.mageia.org/show_bug.cgi?id=12238 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0979 SRPMS: - 3/core/lightdm-gtk-greeter-1.3.1-6.1.mga3


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds