MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
lightdm
Recherche

Privilege escalation in LightDM Greeter by KDE (SUSE Security Team Blog)

jeudi 13 novembre 2025, 19:43 , par LWN.net
The SUSE Security Team has published an in-depth
article on its findings after reviewing a D-Bus service contained
in LightDM
Greeter by KDE (the lightdm-kde-greeter package)
for addition to openSUSE Tumbleweed. The team found a privilege
escalation from the lightdm service user to root, as
well as other attack vectors in the service:

In agreement with upstream, we assigned CVE-2025-62876 to track the
lightdm service user to root privilege escalation aspect described in
this report. The severity of the issue is low, since it only affects
defense-in-depth (if the lightdm service user were compromised) and
the problematic logic can only be reached and exploited if triggered
interactively by a privileged user.

The fixes are contained in the 6.0.4
release of the project.
Lire la suite sur LWN.net
https://lwn.net/Articles/1046376/

Voir aussi

lightdm Rust in Android: move fast and fix things (Google Security Blog) LWN.net13 Nov
service Security updates for Thursday LWN.net13 Nov
privilege Iceland Deems Possible Atlantic Current Collapse A Security Risk Slashdot13 Nov
user Red Hat OpenShift 4.20 boosts AI workloads, security InfoWorld13 Nov
team Security updates for Wednesday LWN.net12 Nov
escalation UK's Cyber Security and Resilience Bill makes Parliamentary debut TheRegister12 Nov
suse The first Extended Security Update for Windows 10 is here BetaNews12 Nov
security ClickFix May Be the Biggest Security Threat Your Family Has Never Heard Of Slashdot12 Nov
kde Security updates for Tuesday LWN.net11 Nov
greeter OWASP Top 10: Broken access control still tops app security list TheRegister11 Nov
only How GlassWorm wormed its way back into developers’ code — and what it says about open source security InfoWorld11 Nov
root New hardened images set to improve container security BetaNews10 Nov
contained Security updates for Monday LWN.net10 Nov
blog Cisco creating new security model using 30 years of data describing cyber-dramas and saves TheRegister10 Nov
lightdm About KeePassXC's code quality control (KeePassXC blog) LWN.net 9 Nov
service FreeBSD now builds reproducibly and without root privilege OS News 9 Nov
privilege Bank of America Faces Lawsuit Over Alleged Unpaid Time for Windows Bootup, Logins, and Security Token Requests Slashdot 8 Nov
user Social Security Employees Grill Management During Tense Shutdown Meeting Wired: Tech. 7 Nov
team The Best Gifts for Sleep, as Tested by Our Team Wired: Tech. 7 Nov
escalation Security updates for Friday LWN.net 7 Nov
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
jeu. 13 nov. - 22:23 CET