From $URL: Pavel Avgustinov discovered that sddm does not disable the KDE crash handler, and certain themes would allow shell access to the sddm user as a result in case of a crash. Upstream fix: https://github.com/sddm/sddm/commit/4cfed6b0a625593fb43876f04badc4dd99799d86
Fixed with https://github.com/gentoo/gentoo/commit/b10b19ab1f8fb85673011d7f37f6cf1a6ab4bb2e
Sorry, I forgot to do a revision bump, will do it in a moment.
Revision bumped.
I made a mistake again. sddm-0.11.0-r3 was stable, returning it back. Also, the patch fails to apply; I'll fix it in a moment.
No, OK, it is unstable (something may be wrong with my eix); anyway, I'm going to fix the patch.
Patch fixed. This bug can be processed further by the security team.
CVE-2015-0856: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0856
daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
Propose cleanup of previous ebuilds which are still vulnerable.
commit 995cfe07a14973a5e9207995fdb60c18e4442615
Author: Manuel Rüger <mrueg@gentoo.org>
Date: Mon Feb 15 23:59:16 2016 +0100
    x11-misc/sddm: Remove vulnerable
    Package-Manager: portage-2.2.27
During the initial assessment it was unclear whether root privileges could be gained through this crash. After further review, privileges can only be escalated to that of the sddm user. Redesignated as a B4.
GLSA Vote: No