CVE-2024-5148: limit session handover to appropriate user
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gnome-remote-desktop (Ubuntu) | Fix Released | Undecided | Unassigned |
Noble | Fix Released | Undecided | Unassigned |
Bug Description
There is a new gnome-remote-
I suggest that we simply update Ubuntu 24.04 LTS from 46.1 to 46.2 since there are other hardening improvements in the release.
Other Ubuntu releases were not affected by the specific issue that was assigned the CVE since it is unique to the new "Remote Login" feature introduced in gnome-remote-
Other Info
----------
There is a significant existing regression in systems that were upgraded to Ubuntu 24.04 LTS but as of today we haven't finished the fix: LP: #2063333 (This issue has nothing to do with the security fix or with gnome-remote-
That fix might need to be handled with a regular SRU later.
This bug was fixed in the package gnome-remote-desktop - 46.2-1
---------------
gnome-remote-desktop (46.2-1) experimental; urgency=medium
* SECURITY UPDATE: New upstream release (LP: #2066306)
- CVE-2024-5148 Limit login screen->user session handover access
to appropriate user. This issue only affected the 46 series.
- Various security hardening improvements
- Potential crasher fix
- Improved disconnection messages
- Broader client compatibility support
-- Jeremy Bícha <email address hidden> Tue, 21 May 2024 16:38:36 -0400