[Bug 1772919] Re: pam-gnome-keyring.so reveals user’s password credential as a plaintext form

Launchpad Bug Tracker Tue, 26 Feb 2019 06:23:56 -0800

This bug was fixed in the package gnome-keyring - 3.10.1-1ubuntu4.4

---------------
gnome-keyring (3.10.1-1ubuntu4.4) trusty-security; urgency=medium


  * SECURITY UPDATE: credentials exposed in memory (LP: #1772919)
    - debian/patches/CVE-2018-20781.patch: destroy the password in
      pam_sm_open_session in pam/gkr-pam-module.c.
    - CVE-2018-20781

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Thu, 14 Feb 2019
08:32:24 -0500

** Changed in: gnome-keyring (Ubuntu Trusty)
       Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20781

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1772919

Title:
  pam-gnome-keyring.so reveals user’s password credential as a plaintext
  form

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1772919] Re: pam-gnome-keyring.so reveals user’s password credential as a plaintext form

Reply via email to