An update for gdm is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1044 Final 1.0 1.0 2021-03-05 Initial 2021-03-05 2021-03-05 openEuler SA Tool V1.0 2021-03-05 gdm security update An update for gdm is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1. The GNOME Display Manager is a system service that is responsible for providing graphical log-ins and managing local and remote displays, and if the session doesn't provide a display server, GDM will start the display server. It also provides initiate functionality for user-switching, so multiple users can be logged in at the same time. Security Fix(es): A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.(CVE-2019-3825) An update for gdm is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium gdm https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1044 https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-3825 https://nvd.nist.gov/vuln/detail/CVE-2019-3825 openEuler-20.03-LTS openEuler-20.03-LTS-SP1 gdm-3.30.1-10.oe1.aarch64.rpm gdm-devel-3.30.1-10.oe1.aarch64.rpm gdm-debugsource-3.30.1-10.oe1.aarch64.rpm gdm-debuginfo-3.30.1-10.oe1.aarch64.rpm gdm-3.30.1-10.oe1.aarch64.rpm gdm-devel-3.30.1-10.oe1.aarch64.rpm gdm-debugsource-3.30.1-10.oe1.aarch64.rpm gdm-debuginfo-3.30.1-10.oe1.aarch64.rpm gdm-3.30.1-10.oe1.src.rpm gdm-3.30.1-10.oe1.src.rpm gdm-debugsource-3.30.1-10.oe1.x86_64.rpm gdm-devel-3.30.1-10.oe1.x86_64.rpm gdm-3.30.1-10.oe1.x86_64.rpm gdm-debuginfo-3.30.1-10.oe1.x86_64.rpm gdm-debugsource-3.30.1-10.oe1.x86_64.rpm gdm-devel-3.30.1-10.oe1.x86_64.rpm gdm-3.30.1-10.oe1.x86_64.rpm gdm-debuginfo-3.30.1-10.oe1.x86_64.rpm A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session. 2021-03-05 CVE-2019-3825 openEuler-20.03-LTS openEuler-20.03-LTS-SP1 Medium 6.4 AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H gdm security update 2021-03-05 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1044