Last week, we reported the release of the second and last maintenance build of the stable GNOME 3.18 desktop environment, which brought updates to numerous GNOME apps and core components.
However, it appears that not all the core components of GNOME 3.18 have received maintenance releases, as the GDM (GNOME Display Manager) package has just been updated on November 17, 2015, with a patch for a crash that occurred when holding the Escape (ESC) key while in lock screen, which would have allowed anyone to bypass the security of the lock screen and access the desktop environment.
This is the famous cat-related bug report submitted by Christoph Reiter on the GNOME Bugzilla bug tracker, and it also affects the LightDM login manager. “Credit to my cat for finding this. Running GNOME session, press < super >+l to lock, press Escape and hold. The slider thing will go up and down in an endless loop. After ~5 times the slider window coming and going GNOME Shell crashes,” writes Christoph Reiter.
All GNU/Linux distributions that use GDM are affected
The bug has now been patched, and the GDM 3.18.2 maintenance release has been pushed to the GNOME FTP servers for package maintainers to include it in their operating systems. The issue affects all GNU/Linux distributions running GDM as default login manager, and it has been documented at CVE-2015-7496 for Debian GNU/Linux systems.
In addition to the fix for the lock screen bypass issue, the GDM 3.18.2 package also includes translation updates. All users are urged to update the GDM packages in their Linux kernel-based operating systems as soon as the 3.18.2 version arrives in the default software repositories of the respective distribution. Alternatively, you can download the GDM 3.18.2 sources right now from Softpedia and start compiling it by hand.
Via Softpedia