CVE-2018-20781

Priority
Description
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password
is kept in a session-child process spawned from the LightDM daemon. This
can expose the credential in cleartext.
Assigned-to
mdeslaur
Package
Upstream:released (3.28.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (3.10.1-1ubuntu4.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (3.18.3-0ubuntu2.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.28.0.2-1ubuntu1.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Patches:
Upstream:https://gitlab.gnome.org/GNOME/gnome-keyring/commit/9db67ef6e39ac51d426dee91da3b9305670241e6
More Information

Updated: 2019-03-19 12:30:48 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)