Disable greeters from loading KDE's debug hander
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sddm (Debian) |
Fix Released
|
Unknown
|
|||
sddm (Gentoo Linux) |
Unknown
|
Unknown
|
|||
sddm (Ubuntu) |
Fix Released
|
Low
|
Philip Muškovac | ||
Wily |
Confirmed
|
Low
|
Unassigned |
Bug Description
Some themes may use KDE components which will automatically load KDE's
crash handler.
If the greeter were to then somehow crash, that would leave a crash
handler allowing other actions, albeit as the locked down SDDM user.
Only SDDM users using the breeze theme from plasma-workspace are
affected. Safest and simplest fix is to handle this inside SDDM
disabling kcrash via an environment variable for all future themes that
may use these libraries.
See https:/
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: sddm 0.11.0-0ubuntu11
ProcVersionSign
Uname: Linux 4.2.0-17-generic x86_64
ApportVersion: 2.19.1-0ubuntu4
Architecture: amd64
Date: Thu Oct 29 10:28:55 2015
EcryptfsInUse: Yes
InstallationDate: Installed on 2015-07-26 (94 days ago)
InstallationMedia: Kubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
SourcePackage: sddm
UpgradeStatus: No upgrade log present (probably fresh install)
CVE References
Changed in sddm (Ubuntu): | |
assignee: | nobody → Philip Muškovac (yofel) |
Changed in sddm (Ubuntu): | |
status: | Incomplete → Confirmed |
Changed in sddm (Ubuntu): | |
importance: | Undecided → Low |
tags: | added: vivid xenial |
Changed in sddm (Debian): | |
status: | Unknown → Fix Released |
Changed in sddm (Ubuntu Wily): | |
importance: | Undecided → Low |
assignee: | nobody → Philip Muškovac (yofel) |
Changed in sddm (Ubuntu Wily): | |
status: | New → Confirmed |
tags: | added: bitesize |
Changed in sddm (Ubuntu Wily): | |
assignee: | Philip Muškovac (yofel) → nobody |
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res