#9746: GNOME 3.26 Platform (libgweather-3.26.0 gvfs-1.34.0 gnome-bluetooth-3.26.0 gdk-pixbuf-2.36.10 atk-2.26.0 evolution-data-server-3.26.0 libpeas-1.22.0 gtk+3.22.21 gnome-desktop-3.26.0 gjs-1.50.0 at-spi2-atk-2.26.0 at- spi2-core-2.26.0 pyatspi-2.26.0 yelp-3.26.0 libgtop-2.38.0 vte-0.50.0 pygobject3-3.26.0 gnome-settings-daemon-3.26.0 gnome-control-center-3.26.0 json-glib-1.4.2 gnome-user-docs-3.26.0 nautilus-3.26.0 gnome-session-3.26.0 gdm-3.26.0 glib-networking-2.54.0 libsoup-2.60.0 gnome-shell-3.26.0 gnome- shell-extensions-3.26.0 mutter-3.26.0 gnome-online-accounts-3.26.0 glibmm-2.54.0 gtkmm-3.22.2) -------------------------+----------------------- Reporter: renodr | Owner: renodr Type: enhancement | Status: assigned Priority: normal | Milestone: 8.2 Component: BOOK | Version: SVN Severity: normal | Resolution: Keywords: | -------------------------+-----------------------
Comment (by renodr): {{{ Anyone shipping GDM 3.24.1 or later should consider upgrading to 3.24.3 (or 3.26.0) which fixes a security hole. namely, if the user enables autologin, then screen lock can be bypassed by trying to initiate user switching. ---------- Forwarded message --------- From: Ray Strode <install-mod...@master.gnome.org> Date: Tue, Sep 12, 2017 at 11:47 AM Subject: gdm 3.24.3 To: FTP Releases <ftp-release-l...@gnome.org> About gdm ========= Display manager and login screen News ==== - Fix for unauthenticated unlock when autologin is enabled (CVE-2017-12164) - Fix fallback session name sorting - Translation updates }}} GDM is now a critical update. I'll work on it overnight. -- Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/9746#comment:10> BLFS Trac <http://wiki.linuxfromscratch.org/blfs> Beyond Linux From Scratch -- http://lists.linuxfromscratch.org/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page