Security update for gdm SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2818-1 Final 1 1 2018-09-24T06:06:38Z current 2018-09-24T06:06:38Z 2018-09-24T06:06:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gdm This update for gdm provides the following fixes: This security issue was fixed: - CVE-2018-14424: The daemon in GDM did not properly unexport display objects from its D-Bus interface when they are destroyed, which allowed a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution (bsc#1103737) These non-security issues were fixed: - Enable pam_keyinit module (bsc#1081947) - Fix a build race in SLE (bsc#1103093) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00066.html E-Mail link for openSUSE-SU-2018:2818-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 gdm-3.26.2.1-lp150.11.3.1 gdm-branding-upstream-3.26.2.1-lp150.11.3.1 gdm-devel-3.26.2.1-lp150.11.3.1 gdm-lang-3.26.2.1-lp150.11.3.1 gdmflexiserver-3.26.2.1-lp150.11.3.1 libgdm1-3.26.2.1-lp150.11.3.1 typelib-1_0-Gdm-1_0-3.26.2.1-lp150.11.3.1 gdm-3.26.2.1-lp150.11.3.1 as a component of openSUSE Leap 15.0 gdm-branding-upstream-3.26.2.1-lp150.11.3.1 as a component of openSUSE Leap 15.0 gdm-devel-3.26.2.1-lp150.11.3.1 as a component of openSUSE Leap 15.0 gdm-lang-3.26.2.1-lp150.11.3.1 as a component of openSUSE Leap 15.0 gdmflexiserver-3.26.2.1-lp150.11.3.1 as a component of openSUSE Leap 15.0 libgdm1-3.26.2.1-lp150.11.3.1 as a component of openSUSE Leap 15.0 typelib-1_0-Gdm-1_0-3.26.2.1-lp150.11.3.1 as a component of openSUSE Leap 15.0 The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. CVE-2018-14424 openSUSE Leap 15.0:gdm-3.26.2.1-lp150.11.3.1 openSUSE Leap 15.0:gdm-branding-upstream-3.26.2.1-lp150.11.3.1 openSUSE Leap 15.0:gdm-devel-3.26.2.1-lp150.11.3.1 openSUSE Leap 15.0:gdm-lang-3.26.2.1-lp150.11.3.1 openSUSE Leap 15.0:gdmflexiserver-3.26.2.1-lp150.11.3.1 openSUSE Leap 15.0:libgdm1-3.26.2.1-lp150.11.3.1 openSUSE Leap 15.0:typelib-1_0-Gdm-1_0-3.26.2.1-lp150.11.3.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-09/msg00066.html https://www.suse.com/security/cve/CVE-2018-14424.html CVE-2018-14424 https://bugzilla.suse.com/1103737 SUSE Bug 1103737