gdm-41.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11547-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gdm-41.0-1.1 on GA media These are all security issues fixed in the gdm-41.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11547 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-16125/ SUSE CVE CVE-2020-16125 page https://www.suse.com/security/cve/CVE-2020-27837/ SUSE CVE CVE-2020-27837 page openSUSE Tumbleweed gdm-41.0-1.1 gdm-branding-upstream-41.0-1.1 gdm-devel-41.0-1.1 gdm-lang-41.0-1.1 gdm-systemd-41.0-1.1 gdmflexiserver-41.0-1.1 libgdm1-41.0-1.1 typelib-1_0-Gdm-1_0-41.0-1.1 gdm-41.0-1.1 as a component of openSUSE Tumbleweed gdm-branding-upstream-41.0-1.1 as a component of openSUSE Tumbleweed gdm-devel-41.0-1.1 as a component of openSUSE Tumbleweed gdm-lang-41.0-1.1 as a component of openSUSE Tumbleweed gdm-systemd-41.0-1.1 as a component of openSUSE Tumbleweed gdmflexiserver-41.0-1.1 as a component of openSUSE Tumbleweed libgdm1-41.0-1.1 as a component of openSUSE Tumbleweed typelib-1_0-Gdm-1_0-41.0-1.1 as a component of openSUSE Tumbleweed gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account. CVE-2020-16125 openSUSE Tumbleweed:gdm-41.0-1.1 openSUSE Tumbleweed:gdm-branding-upstream-41.0-1.1 openSUSE Tumbleweed:gdm-devel-41.0-1.1 openSUSE Tumbleweed:gdm-lang-41.0-1.1 openSUSE Tumbleweed:gdm-systemd-41.0-1.1 openSUSE Tumbleweed:gdmflexiserver-41.0-1.1 openSUSE Tumbleweed:libgdm1-41.0-1.1 openSUSE Tumbleweed:typelib-1_0-Gdm-1_0-41.0-1.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16125.html CVE-2020-16125 https://bugzilla.suse.com/1140851 SUSE Bug 1140851 https://bugzilla.suse.com/1178150 SUSE Bug 1178150 A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. CVE-2020-27837 openSUSE Tumbleweed:gdm-41.0-1.1 openSUSE Tumbleweed:gdm-branding-upstream-41.0-1.1 openSUSE Tumbleweed:gdm-devel-41.0-1.1 openSUSE Tumbleweed:gdm-lang-41.0-1.1 openSUSE Tumbleweed:gdm-systemd-41.0-1.1 openSUSE Tumbleweed:gdmflexiserver-41.0-1.1 openSUSE Tumbleweed:libgdm1-41.0-1.1 openSUSE Tumbleweed:typelib-1_0-Gdm-1_0-41.0-1.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-27837.html CVE-2020-27837 https://bugzilla.suse.com/1180206 SUSE Bug 1180206