Bug 662782 (CVE-2018-14424) - <gnome-base/gdm-3.24.3-r1: use-after-free in the GDM daemon (CVE-2018-14424)
Summary: <gnome-base/gdm-3.24.3-r1: use-after-free in the GDM daemon (CVE-2018-14424)
Status: RESOLVED FIXED
Alias: CVE-2018-14424
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://gitlab.gnome.org/GNOME/gdm/is...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-04 15:37 UTC by Thomas Deutschmann (RETIRED)
Modified: 2018-08-17 00:38 UTC

See Also:
Package list:
gnome-base/gdm-3.24.3-r1
Runtime testing required: ---
stable-bot: sanity-check+


Description Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-04 15:37:06 UTC
Incoming details.
Comment 1 Larry the Git Cow gentoo-dev 2018-08-15 15:53:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa688468a75b6463a9265e4f85077a60eceddcf2

commit fa688468a75b6463a9265e4f85077a60eceddcf2
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2018-08-15 15:30:45 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2018-08-15 15:52:05 +0000

    gnome-base/gdm: CVE-2018-14424 and related patches
    
    While here, remove an ancient fixup for a supposedly
    temporary gdm-3.5 bug that had resulted in wrong /var/lib/gdm
    permissions, and remove unused versionator inherit.
    
    Bug: https://bugs.gentoo.org/662782
    Package-Manager: Portage-2.3.44, Repoman-2.3.10

 gnome-base/gdm/files/3.24.3-CVE-2018-14424.patch   | 163 +++++++++++++++++
 .../files/3.24.3-display-object-lifetime-fix.patch |  61 +++++++
 gnome-base/gdm/gdm-3.24.3-r1.ebuild                | 202 +++++++++++++++++++++
 3 files changed, 426 insertions(+)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-16 12:03:32 UTC
x86 stable
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-08-17 00:17:11 UTC
amd64 stable

GLSA vote: No.
Comment 4 Larry the Git Cow gentoo-dev 2018-08-17 00:36:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8b4ea87fb06325487a0e079aacc0b5a2e4950d8

commit a8b4ea87fb06325487a0e079aacc0b5a2e4950d8
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2018-08-17 00:35:22 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2018-08-17 00:35:41 +0000

    gnome-base/gdm: security cleanup
    
    Bug: https://bugs.gentoo.org/662782
    Package-Manager: Portage-2.3.46, Repoman-2.3.10

 gnome-base/gdm/gdm-3.24.3.ebuild | 211 ---------------------------------------
 1 file changed, 211 deletions(-)
Comment 5 Michael Boyle 2018-08-17 00:38:29 UTC
Thanks guys