oss-sec mailing list archives
Re: various sddm vulnerabilities
From: Martin Bříza <mbriza () redhat com>
Date: Thu, 02 Oct 2014 19:17:23 +0200
On Wed, 01 Oct 2014 13:24:52 +0200, Sebastian Krahmer <krahmer () suse de> wrote:
Hi During review we found several issues in the sddm display manager which allow local users to obtain root privileges. More on this is here: https://bugzilla.suse.com/show_bug.cgi?id=897788 Sebastian
Hi, first, please let me thank you for your very valuable input, Sebastian.We (me and d_ed, David Edmundson) took a look at this. Although we don't believe any of the issues you reported could lead to a privilege escalation (as some of the resulting bugreports suggest), we consider them to be security issues. Currently, there are two pull requests open [1] [2] potentionally fixing all mentioned issues. We're waiting for peer review from the other developers and possibly yours, too.
Cheers, Martin [1] https://github.com/sddm/sddm/pull/279 [2] https://github.com/sddm/sddm/pull/280
Current thread:
- various sddm vulnerabilities Sebastian Krahmer (Oct 01)
- Re: various sddm vulnerabilities Martin Bříza (Oct 02)
- Re: various sddm vulnerabilities cve-assign (Oct 05)