Summary: | <x11-misc/lightdm-gtk-greeter-1.9.0: local DoS due to NULL pointer dereference (CVE-2014-0979) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | hwoarang |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1049420 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-01-08 16:19:38 UTC
CVE-2014-0979 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0979): The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.

@maintainer: Please stabilize a fixed version and remove the vulnerable versions.

Devaway... and newer version is already stabilized. Removing vulnerable ebuilds: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=897bc831db8078bac097f66d2dfca520be4ff99e

GLSA Vote: No

Missed the arm keyword: @arm, please stabilize: =x11-misc/lightdm-gtk-greeter-2.0.1-r1

arm stable, all arches done.

vulnerable versions dropped.
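The bug class named in the CVE text, shown as an added example that is not the greeter's code and not part of the original report: a getter whose result can be NULL is handed straight to a string function, next to the checked form. The struct and every stub_* / same_user_* / demo_* name are hypothetical stand-ins, and the stub's "empty username yields NULL" behaviour is an assumption modelled on the CVE description.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for greeter state; not LightDM's real type. */
struct greeter_stub {
    const char *auth_user;  /* NULL when no user is being authenticated */
};

/* Stand-in for starting authentication. Assumption: an empty name
 * leaves the session with no authentication user at all. */
static void stub_authenticate(struct greeter_stub *g, const char *name)
{
    g->auth_user = (name != NULL && name[0] != '\0') ? name : NULL;
}

/* Stand-in for a getter whose return value may legitimately be NULL. */
static const char *stub_get_authentication_user(const struct greeter_stub *g)
{
    return g->auth_user;
}

/* Unchecked pattern, kept only for contrast and never called here:
 * strcmp() on a NULL result is undefined behaviour, in practice a
 * crash of the process that draws the login screen. */
int same_user_unchecked(const struct greeter_stub *g, const char *selected)
{
    return strcmp(stub_get_authentication_user(g), selected) == 0;
}

/* Checked pattern: NULL on either side means "no match". */
int same_user_checked(const struct greeter_stub *g, const char *selected)
{
    const char *current = stub_get_authentication_user(g);
    if (current == NULL || selected == NULL)
        return 0;
    return strcmp(current, selected) == 0;
}

/* Constructed scenario: authenticate as `typed`, compare with `selected`. */
int demo(const char *typed, const char *selected)
{
    struct greeter_stub g = { NULL };
    stub_authenticate(&g, typed);
    return same_user_checked(&g, selected);
}

int main(void)
{
    /* Empty name must not match; a real name must. Exit 0 on success. */
    return (demo("", "alice") == 0 && demo("alice", "alice") == 1) ? 0 : 1;
}
```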