Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2017:2128
HistoryAug 24, 2017 - 1:37 a.m.

gdm, gnome security update

2017-08-2401:37:12
CentOS Project
lists.centos.org
66

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

26.7%

JSON

CentOS Errata and Security Advisory CESA-2017:2128

The GNOME Display Manager (GDM) provides the graphical login screen shown shortly after boot up, log out, and when user-switching.

The following packages have been upgraded to a later upstream version: gdm (3.22.3), gnome-session (3.22.3). (BZ#1386862, BZ#1386957)

Security Fix(es):

  • It was found that gdm could crash due to a signal handler dispatched to an invalid conversation. An attacker could crash gdm by holding the escape key when the screen is locked, possibly bypassing the locked screen. (CVE-2015-7496)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030395.html
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030434.html

Affected packages:
gdm
gdm-devel
gnome-session
gnome-session-custom-session
gnome-session-xsession

Upstream details at:
https://access.redhat.com/errata/RHSA-2017:2128

Related

nessus 8
ubuntucve 1
mageia 1
cve 1
fedora 1
cvelist 1
nvd 1
redhat 1
oraclelinux 1
openvas 4
prion 1
debiancve 1
freebsd 1
nessus
nessus
EulerOS 2.0 SP1 : gdm (EulerOS-SA-2017-1173)
2017-09-08 00:00:00
EulerOS 2.0 SP2 : gdm (EulerOS-SA-2017-1174)
2017-09-08 00:00:00
FreeBSD : gdm -- lock screen bypass when holding escape key (68847b20-8ddc-11e5-b69c-c86000169601)
2015-11-19 00:00:00
ubuntucve
ubuntucve
CVE-2015-7496
2015-11-24 00:00:00
mageia
mageia
Updated gdm packages fix security vulnerability
2017-08-08 01:16:24
cve
cve
CVE-2015-7496
2015-11-24 20:59:06
fedora
fedora
[SECURITY] Fedora 23 Update: gdm-3.18.2-1.fc23
2015-11-22 02:26:25
cvelist
cvelist
CVE-2015-7496
2015-11-24 20:00:00
nvd
nvd
CVE-2015-7496
2015-11-24 20:59:06
redhat
redhat
(RHSA-2017:2128) Moderate: gdm and gnome-session security, bug fix, and enhancement update
2017-08-01 05:58:39
oraclelinux
oraclelinux
gdm and gnome-session security, bug fix, and enhancement update
2017-08-07 00:00:00
openvas
openvas
RedHat Update for gdm and gnome-session RHSA-2017:2128-01
2017-08-04 00:00:00
Mageia: Security Advisory (MGASA-2017-0248)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for gdm (EulerOS-SA-2017-1174)
2020-01-23 00:00:00
prion
prion
Code injection
2015-11-24 20:59:00
debiancve
debiancve
CVE-2015-7496
2015-11-24 20:59:06
freebsd
freebsd
gdm -- lock screen bypass when holding escape key
2015-11-12 00:00:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

26.7%

JSON
Related for CESA-2017:2128
nessus8ubuntucve1mageia1cve1fedora1cvelist1nvd1redhat1oraclelinux1openvas4prion1debiancve1freebsd1