gdm, gnome security update

2017-08-24T01:37:12
ID CESA-2017:2128
Type centos
Reporter CentOS Project
Modified 2017-08-24T01:37:36

Description

CentOS Errata and Security Advisory CESA-2017:2128

The GNOME Display Manager (GDM) provides the graphical login screen shown shortly after boot up, log out, and when user-switching.

The following packages have been upgraded to a later upstream version: gdm (3.22.3), gnome-session (3.22.3). (BZ#1386862, BZ#1386957)

Security Fix(es):

  • It was found that gdm could crash due to a signal handler dispatched to an invalid conversation. An attacker could crash gdm by holding the escape key when the screen is locked, possibly bypassing the locked screen. (CVE-2015-7496)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004125.html http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004164.html

Affected packages: gdm gdm-devel gnome-session gnome-session-custom-session gnome-session-xsession

Upstream details at: