CVE-2019-3825

Priority
Description
A vulnerability was discovered in gdm before 3.31.4. When timed login is
enabled in configuration, an attacker could bypass the lock screen by
selecting the timed login user and waiting for the timer to expire, at
which time they would gain access to the logged-in user's session.
Assigned-to
leosilva
Notes
Package
Source: gdm3 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):released (3.28.3-0ubuntu18.04.4)
Ubuntu 19.04 (Disco Dingo):released (3.31.4+git20190225-1ubuntu1)
Ubuntu 19.10 (Eoan Ermine):released (3.31.4+git20190225-1ubuntu1)
Ubuntu 20.04 (Focal Fossa):released (3.31.4+git20190225-1ubuntu1)
Patches:
Upstream:https://gitlab.gnome.org/GNOME/gdm/commit/7726c81db92d2339fc468ed41c967f5412db66ed
Upstream:https://gitlab.gnome.org/GNOME/gdm/commit/d9d22a1c48a528873e3cc84a73fc868507b8dd4d
Upstream:https://gitlab.gnome.org/GNOME/gdm/commit/94d9fec87960e3ff5f7b75dadcde2807db148fbd
Upstream:https://gitlab.gnome.org/GNOME/gdm/commit/dd45295425c5a843c30aa8797b02d59ff488acb8
More Information

Updated: 2019-12-05 20:08:00 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)