*** This bug is a security vulnerability ***

Public security bug reported:

Some themes may use KDE components which will automatically load KDE's
crash handler.

If the greeter were to then somehow crash, that would leave a crash
handler allowing other actions, albeit as the locked down SDDM user.

Only SDDM users using the breeze theme from plasma-workspace are
affected. The safest and simplest fix is to handle this inside SDDM,
disabling kcrash via an environment variable for all future themes that
may use these libraries.

See https://github.com/sddm/sddm/commit/4cfed6b0a625593

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: sddm 0.11.0-0ubuntu11
ProcVersionSignature: Ubuntu 4.2.0-17.21-generic 4.2.3
Uname: Linux 4.2.0-17-generic x86_64
ApportVersion: 2.19.1-0ubuntu4
Architecture: amd64
Date: Thu Oct 29 10:28:55 2015
EcryptfsInUse: Yes
InstallationDate: Installed on 2015-07-26 (94 days ago)
InstallationMedia: Kubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
SourcePackage: sddm
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: sddm (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug wily

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-0856

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1511286

Title:
  Disable greeters from loading KDE's debug handler

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sddm/+bug/1511286/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
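
One way to confirm on a running system that the greeter was started with the crash handler disabled, as an added example that is not part of the bug report or of SDDM. It assumes the variable is KDE_DEBUG (the report does not name it) and that the greeter process is called sddm-greeter; the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not SDDM code. Assumption: KDE_DEBUG is the variable that
# switches KCrash's handler off; the bug report above does not name it.
VAR="${VAR:-KDE_DEBUG}"

# env_has_var FILE NAME: true if FILE (NUL-separated, /proc/<pid>/environ
# layout) contains NAME set to a non-empty value. Requiring a non-empty
# value is a conservative choice made for this example.
env_has_var() {
    tr '\0' '\n' < "$1" | grep -q "^$2=."
}

# check_greeters: inspect every running sddm-greeter process.
# Returns 0 if all have the variable, 1 if any lacks it, 2 if an
# environment could not be read (run as root to read the sddm user's).
check_greeters() {
    rc=0
    for pid in $(pgrep -x sddm-greeter 2>/dev/null); do
        f="/proc/$pid/environ"
        if [ ! -r "$f" ]; then
            echo "pid $pid: cannot read $f" >&2
            if [ "$rc" -eq 0 ]; then rc=2; fi
        elif env_has_var "$f" "$VAR"; then
            echo "pid $pid: $VAR set, crash handler disabled"
        else
            echo "pid $pid: $VAR missing, greeter may load the crash handler"
            rc=1
        fi
    done
    return "$rc"
}

# Usage (as root, while the login screen is showing): check_greeters
```

/proc/<pid>/environ shows the environment the process was started with, which is what the fix described above changes.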