Security update for gdm SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:2264-1 Final 1 1 2020-12-15T11:44:05Z current 2020-12-15T11:44:05Z 2020-12-15T11:44:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gdm This update for gdm fixes the following issues: - CVE-2020-16125: Fixed a privilege escalation (bsc#1178150). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-2264 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OSCPFN6UQDWHTSA3DT4W6QWNTQE4X4HE/ E-Mail link for openSUSE-SU-2020:2264-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1178150 SUSE Bug 1178150 https://www.suse.com/security/cve/CVE-2020-16125/ SUSE CVE CVE-2020-16125 page openSUSE Leap 15.1 gdm-3.26.2.1-lp151.16.10.1 gdm-branding-upstream-3.26.2.1-lp151.16.10.1 gdm-devel-3.26.2.1-lp151.16.10.1 gdm-lang-3.26.2.1-lp151.16.10.1 gdmflexiserver-3.26.2.1-lp151.16.10.1 libgdm1-3.26.2.1-lp151.16.10.1 typelib-1_0-Gdm-1_0-3.26.2.1-lp151.16.10.1 gdm-3.26.2.1-lp151.16.10.1 as a component of openSUSE Leap 15.1 gdm-branding-upstream-3.26.2.1-lp151.16.10.1 as a component of openSUSE Leap 15.1 gdm-devel-3.26.2.1-lp151.16.10.1 as a component of openSUSE Leap 15.1 gdm-lang-3.26.2.1-lp151.16.10.1 as a component of openSUSE Leap 15.1 gdmflexiserver-3.26.2.1-lp151.16.10.1 as a component of openSUSE Leap 15.1 libgdm1-3.26.2.1-lp151.16.10.1 as a component of openSUSE Leap 15.1 typelib-1_0-Gdm-1_0-3.26.2.1-lp151.16.10.1 as a component of openSUSE Leap 15.1 gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account. CVE-2020-16125 openSUSE Leap 15.1:gdm-3.26.2.1-lp151.16.10.1 openSUSE Leap 15.1:gdm-branding-upstream-3.26.2.1-lp151.16.10.1 openSUSE Leap 15.1:gdm-devel-3.26.2.1-lp151.16.10.1 openSUSE Leap 15.1:gdm-lang-3.26.2.1-lp151.16.10.1 openSUSE Leap 15.1:gdmflexiserver-3.26.2.1-lp151.16.10.1 openSUSE Leap 15.1:libgdm1-3.26.2.1-lp151.16.10.1 openSUSE Leap 15.1:typelib-1_0-Gdm-1_0-3.26.2.1-lp151.16.10.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OSCPFN6UQDWHTSA3DT4W6QWNTQE4X4HE/ https://www.suse.com/security/cve/CVE-2020-16125.html CVE-2020-16125 https://bugzilla.suse.com/1140851 SUSE Bug 1140851 https://bugzilla.suse.com/1178150 SUSE Bug 1178150