Security update for gnome-settings-daemon SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0515-1 Final 1 1 2015-02-12T07:58:57Z current 2015-02-12T07:58:57Z 2015-02-12T07:58:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gnome-settings-daemon gnome-settings-daemon was updated to fix a bug and a security issue: Security issue fixed: - CVE-2014-7300: The lockscreen can be bypassed with the Print Screen button. Bug fixed: - Do not hide the cursor while there was no mutter running (bsc#905158). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-2015-126,SUSE-SLE-SDK-12-2015-126,SUSE-SLE-SERVER-12-2015-126 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150515-1/ Link for SUSE-SU-2015:0515-1 https://lists.suse.com/pipermail/sle-security-updates/2015-March/001293.html E-Mail link for SUSE-SU-2015:0515-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/900031 SUSE Bug 900031 https://bugzilla.suse.com/905158 SUSE Bug 905158 https://www.suse.com/security/cve/CVE-2014-7300/ SUSE CVE CVE-2014-7300 page SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 12 gnome-settings-daemon-3.10.2-20.1 gnome-settings-daemon-lang-3.10.2-20.1 gnome-settings-daemon-devel-3.10.2-20.1 gnome-settings-daemon-3.10.2-20.1 as a component of SUSE Linux Enterprise Desktop 12 gnome-settings-daemon-lang-3.10.2-20.1 as a component of SUSE Linux Enterprise Desktop 12 gnome-settings-daemon-3.10.2-20.1 as a component of SUSE Linux Enterprise Server 12 gnome-settings-daemon-lang-3.10.2-20.1 as a component of SUSE Linux Enterprise Server 12 gnome-settings-daemon-3.10.2-20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 gnome-settings-daemon-lang-3.10.2-20.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 gnome-settings-daemon-devel-3.10.2-20.1 as a component of SUSE Linux Enterprise Software Development Kit 12 GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. CVE-2014-7300 SUSE Linux Enterprise Desktop 12:gnome-settings-daemon-3.10.2-20.1 SUSE Linux Enterprise Desktop 12:gnome-settings-daemon-lang-3.10.2-20.1 SUSE Linux Enterprise Server 12:gnome-settings-daemon-3.10.2-20.1 SUSE Linux Enterprise Server 12:gnome-settings-daemon-lang-3.10.2-20.1 SUSE Linux Enterprise Server for SAP Applications 12:gnome-settings-daemon-3.10.2-20.1 SUSE Linux Enterprise Server for SAP Applications 12:gnome-settings-daemon-lang-3.10.2-20.1 SUSE Linux Enterprise Software Development Kit 12:gnome-settings-daemon-devel-3.10.2-20.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150515-1/ https://www.suse.com/security/cve/CVE-2014-7300.html CVE-2014-7300 https://bugzilla.suse.com/900031 SUSE Bug 900031