UbuntuUpdates.org

Package "libpam-gnome-keyring"

Name: libpam-gnome-keyring

Description:

PAM module to unlock the GNOME keyring upon login

Latest version: 3.18.3-0ubuntu2.1
Release: xenial (16.04)
Level: security
Repository: main
Head package: gnome-keyring
Homepage: https://wiki.gnome.org/GnomeKeyring

Links


Download "libpam-gnome-keyring"


Other versions of "libpam-gnome-keyring" in Xenial

Repository Area Version
base main 3.18.3-0ubuntu2
updates main 3.18.3-0ubuntu2.1

Changelog

Version: 3.18.3-0ubuntu2.1 2019-02-26 15:07:24 UTC

  gnome-keyring (3.18.3-0ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: credentials exposed in memory (LP: #1772919)
    - debian/patches/CVE-2018-20781.patch: destroy the password in
      pam_sm_open_session in pam/gkr-pam-module.c.
    - CVE-2018-20781

 -- Marc Deslauriers <email address hidden> Thu, 14 Feb 2019 08:26:56 -0500

1772919 pam-gnome-keyring.so reveals user\u2019s password credential as a plaintext form
CVE-2018-20781 In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This



About   -   Send Feedback to @ubuntu_updates