liblightdm-gobject-1-0-1.21.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10033-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z liblightdm-gobject-1-0-1.21.1-1.1 on GA media These are all security issues fixed in the liblightdm-gobject-1-0-1.21.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10033 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-3153/ SUSE CVE CVE-2011-3153 page https://www.suse.com/security/cve/CVE-2011-3349/ SUSE CVE CVE-2011-3349 page https://www.suse.com/security/cve/CVE-2011-4105/ SUSE CVE CVE-2011-4105 page https://www.suse.com/security/cve/CVE-2012-1111/ SUSE CVE CVE-2012-1111 page openSUSE Tumbleweed liblightdm-gobject-1-0-1.21.1-1.1 liblightdm-qt-3-0-1.21.1-1.1 liblightdm-qt5-3-0-1.21.1-1.1 lightdm-1.21.1-1.1 lightdm-gobject-devel-1.21.1-1.1 lightdm-lang-1.21.1-1.1 lightdm-qt-devel-1.21.1-1.1 lightdm-qt5-devel-1.21.1-1.1 typelib-1_0-LightDM-1-1.21.1-1.1 liblightdm-gobject-1-0-1.21.1-1.1 as a component of openSUSE Tumbleweed liblightdm-qt-3-0-1.21.1-1.1 as a component of openSUSE Tumbleweed liblightdm-qt5-3-0-1.21.1-1.1 as a component of openSUSE Tumbleweed lightdm-1.21.1-1.1 as a component of openSUSE Tumbleweed lightdm-gobject-devel-1.21.1-1.1 as a component of openSUSE Tumbleweed lightdm-lang-1.21.1-1.1 as a component of openSUSE Tumbleweed lightdm-qt-devel-1.21.1-1.1 as a component of openSUSE Tumbleweed lightdm-qt5-devel-1.21.1-1.1 as a component of openSUSE Tumbleweed typelib-1_0-LightDM-1-1.21.1-1.1 as a component of openSUSE Tumbleweed dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc. CVE-2011-3153 openSUSE Tumbleweed:liblightdm-gobject-1-0-1.21.1-1.1 openSUSE Tumbleweed:liblightdm-qt-3-0-1.21.1-1.1 openSUSE Tumbleweed:liblightdm-qt5-3-0-1.21.1-1.1 openSUSE Tumbleweed:lightdm-1.21.1-1.1 openSUSE Tumbleweed:lightdm-gobject-devel-1.21.1-1.1 openSUSE Tumbleweed:lightdm-lang-1.21.1-1.1 openSUSE Tumbleweed:lightdm-qt-devel-1.21.1-1.1 openSUSE Tumbleweed:lightdm-qt5-devel-1.21.1-1.1 openSUSE Tumbleweed:typelib-1_0-LightDM-1-1.21.1-1.1 moderate 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3153.html CVE-2011-3153 https://bugzilla.suse.com/728627 SUSE Bug 728627 lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation. CVE-2011-3349 openSUSE Tumbleweed:liblightdm-gobject-1-0-1.21.1-1.1 openSUSE Tumbleweed:liblightdm-qt-3-0-1.21.1-1.1 openSUSE Tumbleweed:liblightdm-qt5-3-0-1.21.1-1.1 openSUSE Tumbleweed:lightdm-1.21.1-1.1 openSUSE Tumbleweed:lightdm-gobject-devel-1.21.1-1.1 openSUSE Tumbleweed:lightdm-lang-1.21.1-1.1 openSUSE Tumbleweed:lightdm-qt-devel-1.21.1-1.1 openSUSE Tumbleweed:lightdm-qt5-devel-1.21.1-1.1 openSUSE Tumbleweed:typelib-1_0-LightDM-1-1.21.1-1.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3349.html CVE-2011-3349 https://bugzilla.suse.com/708205 SUSE Bug 708205 LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority. CVE-2011-4105 openSUSE Tumbleweed:liblightdm-gobject-1-0-1.21.1-1.1 openSUSE Tumbleweed:liblightdm-qt-3-0-1.21.1-1.1 openSUSE Tumbleweed:liblightdm-qt5-3-0-1.21.1-1.1 openSUSE Tumbleweed:lightdm-1.21.1-1.1 openSUSE Tumbleweed:lightdm-gobject-devel-1.21.1-1.1 openSUSE Tumbleweed:lightdm-lang-1.21.1-1.1 openSUSE Tumbleweed:lightdm-qt-devel-1.21.1-1.1 openSUSE Tumbleweed:lightdm-qt5-devel-1.21.1-1.1 openSUSE Tumbleweed:typelib-1_0-LightDM-1-1.21.1-1.1 moderate 1.9 AV:L/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4105.html CVE-2011-4105 https://bugzilla.suse.com/730062 SUSE Bug 730062 lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact. CVE-2012-1111 openSUSE Tumbleweed:liblightdm-gobject-1-0-1.21.1-1.1 openSUSE Tumbleweed:liblightdm-qt-3-0-1.21.1-1.1 openSUSE Tumbleweed:liblightdm-qt5-3-0-1.21.1-1.1 openSUSE Tumbleweed:lightdm-1.21.1-1.1 openSUSE Tumbleweed:lightdm-gobject-devel-1.21.1-1.1 openSUSE Tumbleweed:lightdm-lang-1.21.1-1.1 openSUSE Tumbleweed:lightdm-qt-devel-1.21.1-1.1 openSUSE Tumbleweed:lightdm-qt5-devel-1.21.1-1.1 openSUSE Tumbleweed:typelib-1_0-LightDM-1-1.21.1-1.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1111.html CVE-2012-1111 https://bugzilla.suse.com/745339 SUSE Bug 745339