CVE 2015-0856
daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
Related bugs and status
CVE-2015-0856 (Candidate) is related to these bugs:
Bug #1433277: sddm missing manpage
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1433277 | sddm missing manpage | sddm (Ubuntu) | Low | Fix Released | ||
| 1433277 | sddm missing manpage | One Hundred Papercuts | Low | Fix Released | ||
Bug #1511286: Disable greeters from loading KDE's debug hander
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1511286 | Disable greeters from loading KDE's debug hander | sddm (Ubuntu) | Low | Fix Released | ||
| 1511286 | Disable greeters from loading KDE's debug hander | sddm (Debian) | Unknown | Fix Released | ||
| 1511286 | Disable greeters from loading KDE's debug hander | sddm (Ubuntu Wily) | Low | Confirmed | ||
| 1511286 | Disable greeters from loading KDE's debug hander | sddm (Gentoo Linux) | Unknown | Unknown | ||
Bug #1516837: [update request] SDDM 0.13.0 released on Nov. 4th
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1516837 | [update request] SDDM 0.13.0 released on Nov. 4th | sddm (Ubuntu) | Wishlist | Fix Released | ||
Bug #1519564: [merge request] SDDM 0.12.0 released on Sept. 5th
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1519564 | [merge request] SDDM 0.12.0 released on Sept. 5th | sddm (Ubuntu) | Wishlist | Fix Released | ||
Bug #1531499: Please backport SDDM 0.13 from Xenial
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1531499 | Please backport SDDM 0.13 from Xenial | wily-backports | Undecided | Opinion | ||
See the 
CVE page on Mitre.org
for more details.
