gdm

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Display manager and login screen
Version	47.0-2 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1380	3.38.2-1	3.38.2.1-1	Low	Fixed
AVG-1264	3.38.1-3	3.38.2-1	High	Fixed
AVG-879	3.30.2-2	3.30.3-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2020-27837	AVG-1380	Low	No	Authentication bypass	A security issue was found in gdm before version 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen...
CVE-2020-16125	AVG-1264	High	No	Privilege escalation	gdm before 3.38.2 can be tricked into launching gnome-initial-setup, enabling an unprivileged user to create a new user account for themselves. The new...
CVE-2019-3825	AVG-879	High	No	Access restriction bypass	An issue has been found in gdm <= 3.30.2, allowing a local attacker with valid credentials to unlock the session for a different user than their own.
CVE-2019-3820	AVG-879	High	No	Access restriction bypass	A partial screen lock bypass via keybindings has been found in gdm <= 3.30.2, allowing a local attacker to unlock a session under certain circumstances.

Advisories

Date	Advisory	Group	Severity	Type
10 Nov 2020	ASA-202011-5	AVG-1264	High	privilege escalation
03 Mar 2019	ASA-201903-3	AVG-879	High	access restriction bypass