CVE 2015-0856
daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
Related bugs and status
CVE-2015-0856 (Candidate) is related to these bugs:
Bug #1433277: sddm missing manpage
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1433277 | sddm missing manpage | sddm (Ubuntu) | Low | Fix Released | ||
1433277 | sddm missing manpage | One Hundred Papercuts | Low | Fix Released |
Bug #1511286: Disable greeters from loading KDE's debug hander
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1511286 | Disable greeters from loading KDE's debug hander | sddm (Ubuntu) | Low | Fix Released | ||
1511286 | Disable greeters from loading KDE's debug hander | sddm (Debian) | Unknown | Fix Released | ||
1511286 | Disable greeters from loading KDE's debug hander | sddm (Ubuntu Wily) | Low | Confirmed | ||
1511286 | Disable greeters from loading KDE's debug hander | sddm (Gentoo Linux) | Unknown | Unknown |
Bug #1516837: [update request] SDDM 0.13.0 released on Nov. 4th
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1516837 | [update request] SDDM 0.13.0 released on Nov. 4th | sddm (Ubuntu) | Wishlist | Fix Released |
Bug #1519564: [merge request] SDDM 0.12.0 released on Sept. 5th
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1519564 | [merge request] SDDM 0.12.0 released on Sept. 5th | sddm (Ubuntu) | Wishlist | Fix Released |
Bug #1531499: Please backport SDDM 0.13 from Xenial
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1531499 | Please backport SDDM 0.13 from Xenial | wily-backports | Undecided | Opinion |
See the
CVE page on Mitre.org
for more details.