Bug 1008036 (CVE-2016-1000002) - VUL-1: CVE-2016-1000002: gdm: infoleak before screenlock
Summary: VUL-1: CVE-2016-1000002: gdm: infoleak before screenlock
Status: RESOLVED WONTFIX
Alias: CVE-2016-1000002
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 42.2
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: ---
Assignee: openSUSE GNOME
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-02 09:22 UTC by Sebastian Krahmer
Modified: 2018-01-24 13:40 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2016-11-02 09:22:18 UTC
CVE-2016-1000002

According to DWF:

Gnome GDM 3.14.2 and possibly later are vulnerable to an information disclosure vulnerability, specifically when a laptop screen is closed to trigger the screen lock, and the lid is then re-opened the previous contents of the screen are visible for approx 1 second (long enough to take a picture of video record it) before the lock screen kicks in.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000002
https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/master/DWF/2016/1000002/CVE-2016-1000002.json
Comment 1 Sebastian Krahmer 2016-11-02 09:38:40 UTC
Low impact enough for a VUL-1