[SECURITY] Fedora 20 Update: sddm-0.9.0-2.20141007git6a28c29b.fc20

updates at fedoraproject.org updates at fedoraproject.org
Tue Oct 28 06:46:46 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-12308
2014-10-08 17:46:38
--------------------------------------------------------------------------------

Name        : sddm
Product     : Fedora 20
Version     : 0.9.0
Release     : 2.20141007git6a28c29b.fc20
URL         : https://github.com/sddm/sddm
Summary     : QML based X11 desktop manager
Description :
SDDM is a modern display manager for X11 aiming to be fast, simple and
beautiful. It uses modern technologies like QtQuick, which in turn gives the
designer the ability to create smooth, animated user interfaces.

--------------------------------------------------------------------------------
Update Information:

Bump to latest upstream git (and a new release), fixes CVE-2014-7271 and CVE-2014-7272
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct  9 2014 Martin Briza <mbriza at redhat.com> - 0.9.0-2.20141007git6a28c29b
- Remove pam_gnome_keyring.so (temporarily) from sddm.pam to fix impossibility to log out
- Resolves: #1150283
* Tue Oct  7 2014 Martin Briza <mbriza at redhat.com> - 0.9.0-1.20141007git6a28c29b
- Bump to latest upstream git (and a new release)
- Hack around focus problem in the Fedora theme
- Compile against Qt5
- Removed upstreamed patch and files
- Resolves: #1114192 #1119777 #1123506 #1125129 #1140386 #1112841 #1128463 #1128465 #1149608 #1149628 #1148659 #1148660 #1149610 #1149629
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.0-0.32.20140627gitf49c2c79
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun 27 2014 Martin Briza <mbriza at redhat.com> - 0.2.0-0.31.20140627gitf49c2c79
- Patch unitialized values in signal handler in the daemon
* Fri Jun 27 2014 Martin Briza <mbriza at redhat.com> - 0.2.0-0.30.20140627gitf49c2c79
- Bump to latest upstream, switch back to sddm project
- Drop sddm.service
- Enable manpage and journald support
* Tue Jun 24 2014 Martin Briza <mbriza at redhat.com> - 0.2.0-0.29.20140623gitdb1d7381
- Fix default config to respect the new /usr/share paths
- Fixed multiple users after autologin
* Mon Jun 23 2014 Martin Briza <mbriza at redhat.com> - 0.2.0-0.28.20140623gitdb1d7381
- Fix Requires, release
* Mon Jun 23 2014 Martin Briza <mbriza at redhat.com> - 0.2.0-0.27.20131125gitdb1d7381
- Updated to the latest upstream git
- Notable changes: Greeter runs under the sddm user, it's possible to configure display setup, different install paths in /usr/share
- Resolves: #1034414 #1035939 #1035950 #1036308 #1038548 #1045722 #1045937 #1065715 #1082229 #1007067 #1027711 #1031745 #1008951 #1016902 #1031415 #1020921
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.0-0.26.20131125git7a008602
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May  1 2014 Rex Dieter <rdieter at fedoraproject.org> 0.2.0-0.25.20131125git7a008602
- update pam config (+pam_kwallet,-pam_mate_keyring)
* Mon Jan 27 2014 Adam Jackson <ajax at redhat.com> 0.2.0-0.24.20131125git7a008602
- Rebuild for new sonames in libxcb 1.10
* Mon Dec 16 2013 Martin Briza <mbriza at redhat.com> - 0.2.0-0.23.20131125git7a008602
- Revert all work done on authentication, doesn't support multiple logins right now
* Mon Nov 25 2013 Martin Briza <mbriza at redhat.com> - 0.2.0-0.22.20131125git7a008602
- Fix saving of last session and user
* Mon Nov 25 2013 Martin Briza <mbriza at redhat.com> - 0.2.0-0.21.20131125git7a008602
- Rebase to current upstream
- Fix the theme (and improve it by a bit)
- Fix the authentication stack
- Don't touch numlock on startup
- Disabled the XDMCP server until it's accepted upstream
- Resolves: #1016902 #1028799 #1031415 #1031745 #1020921 #1008951 #1004621
* Tue Nov  5 2013 Martin Briza <mbriza at redhat.com> - 0.2.0-0.20.20130914git50ca5b20
- Fix xdisplay and tty vars
* Tue Nov  5 2013 Martin Briza <mbriza at redhat.com> - 0.2.0-0.19.20130914git50ca5b20
- Patch cleanup
* Tue Nov  5 2013 Martin Briza <mbriza at redhat.com> - 0.2.0-0.18.20130914git50ca5b20
- Cmake magic
* Tue Nov  5 2013 Martin Briza <mbriza at redhat.com> - 0.2.0-0.17.20130914git50ca5b20
- Rewritten the authentication stack to work right with PAM
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1149608 - CVE-2014-7271 sddm: user "sddm" can login without authentication.
        https://bugzilla.redhat.com/show_bug.cgi?id=1149608
  [ 2 ] Bug #1148659 - sddm: multiple flaws in SDDM display manager leading to privilege escalation to root
        https://bugzilla.redhat.com/show_bug.cgi?id=1148659
  [ 3 ] Bug #1149610 - CVE-2014-7272 sddm: several local privileges escalation issues
        https://bugzilla.redhat.com/show_bug.cgi?id=1149610
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update sddm' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list