Security update for gnome-settings-daemon SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2186-1 Final 1 1 2024-06-24T22:27:52Z current 2024-06-24T22:27:52Z 2024-06-24T22:27:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gnome-settings-daemon This update for gnome-settings-daemon fixes the following issues: - CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-2186,SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2186,openSUSE-SLE-15.6-2024-2186 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242186-1/ Link for SUSE-SU-2024:2186-1 https://lists.suse.com/pipermail/sle-security-updates/2024-August/019245.html E-Mail link for SUSE-SU-2024:2186-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1226423 SUSE Bug 1226423 https://www.suse.com/security/cve/CVE-2024-38394/ SUSE CVE CVE-2024-38394 page SUSE Linux Enterprise Module for Desktop Applications 15 SP6 openSUSE Leap 15.6 gnome-settings-daemon-45.1-150600.3.3.1 gnome-settings-daemon-devel-45.1-150600.3.3.1 gnome-settings-daemon-lang-45.1-150600.3.3.1 gnome-settings-daemon-45.1-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 gnome-settings-daemon-devel-45.1-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 gnome-settings-daemon-lang-45.1-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 gnome-settings-daemon-45.1-150600.3.3.1 as a component of openSUSE Leap 15.6 gnome-settings-daemon-devel-45.1-150600.3.3.1 as a component of openSUSE Leap 15.6 gnome-settings-daemon-lang-45.1-150600.3.3.1 as a component of openSUSE Leap 15.6 ** DISPUTED ** Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE." CVE-2024-38394 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gnome-settings-daemon-45.1-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gnome-settings-daemon-devel-45.1-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gnome-settings-daemon-lang-45.1-150600.3.3.1 openSUSE Leap 15.6:gnome-settings-daemon-45.1-150600.3.3.1 openSUSE Leap 15.6:gnome-settings-daemon-devel-45.1-150600.3.3.1 openSUSE Leap 15.6:gnome-settings-daemon-lang-45.1-150600.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242186-1/ https://www.suse.com/security/cve/CVE-2024-38394.html CVE-2024-38394 https://bugzilla.suse.com/1226423 SUSE Bug 1226423