An update for gdm is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1811 Final 1.0 1.0 2022-08-05 Initial 2022-08-05 2022-08-05 openEuler SA Tool V1.0 2022-08-05 gdm security update An update for gdm is now available for openEuler-20.03-LTS-SP1. The GNOME Display Manager is a system service that is responsible for providing graphical log-ins and managing local and remote displays, and if the session doesn't provide a display server, GDM will start the display server. It also provides initiate functionality for user-switching, so multiple users can be logged in at the same time. Security Fix(es): A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.(CVE-2020-27837) An update for gdm is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium gdm https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1811 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-27837 https://nvd.nist.gov/vuln/detail/CVE-2020-27837 openEuler-20.03-LTS-SP1 gdm-3.38.2.1-1.oe1.aarch64.rpm gdm-devel-3.38.2.1-1.oe1.aarch64.rpm gdm-debugsource-3.38.2.1-1.oe1.aarch64.rpm gdm-debuginfo-3.38.2.1-1.oe1.aarch64.rpm gdm-3.38.2.1-1.oe1.src.rpm gdm-devel-3.38.2.1-1.oe1.x86_64.rpm gdm-debuginfo-3.38.2.1-1.oe1.x86_64.rpm gdm-3.38.2.1-1.oe1.x86_64.rpm gdm-debugsource-3.38.2.1-1.oe1.x86_64.rpm A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. 2022-08-05 CVE-2020-27837 openEuler-20.03-LTS-SP1 Medium 6.4 AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H gdm security update 2022-08-05 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1811