OESA-2022-1811

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1811

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2022-1811.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2022-1811

Upstream

CVE-2020-27837

Published

2022-08-05T11:04:06Z

Modified

2025-08-12T05:06:11.485140Z

Summary

gdm security update

Details

The GNOME Display Manager is a system service that is responsible for providing graphical log-ins and managing local and remote displays, and if the session doesn't provide a display server, GDM will start the display server. It also provides initiate functionality for user-switching, so multiple users can be logged in at the same time.

Security Fix(es):

A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.(CVE-2020-27837)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / gdm

Package

Name: gdm
Purl: pkg:rpm/openEuler/gdm&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.38.2.1-1.oe1

Ecosystem specific

{
    "aarch64": [
        "gdm-3.38.2.1-1.oe1.aarch64.rpm",
        "gdm-devel-3.38.2.1-1.oe1.aarch64.rpm",
        "gdm-debugsource-3.38.2.1-1.oe1.aarch64.rpm",
        "gdm-debuginfo-3.38.2.1-1.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "gdm-devel-3.38.2.1-1.oe1.x86_64.rpm",
        "gdm-debuginfo-3.38.2.1-1.oe1.x86_64.rpm",
        "gdm-3.38.2.1-1.oe1.x86_64.rpm",
        "gdm-debugsource-3.38.2.1-1.oe1.x86_64.rpm"
    ],
    "src": [
        "gdm-3.38.2.1-1.oe1.src.rpm"
    ]
}