Bug 955552 (CVE-2015-7496) - VUL-1: CVE-2015-7496: gdm: Gnome gdm/screen lock crash
Status: RESOLVED INVALID
Alias: CVE-2015-7496
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low, Severity: Normal
Assignee: Felix Zhang
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/158901/
Whiteboard: CVSSv2:SUSE:CVE-2015-7496:4.3:(AV:L/A...
Reported: 2015-11-18 08:36 UTC by Sebastian Krahmer
Modified: 2017-08-15 08:48 UTC

Found By: Security Response Team
Description Sebastian Krahmer 2015-11-18 08:36:09 UTC
CVE-2015-7496

Quoting from gnome BZ:

"Credit to my cat for finding this..

* Running gnome session
* Press <super>+l to lock
* Press Escape and hold

Expected:

* The slider thing going up and down in an endless loop

Happening:

* After ~5 times the slider window coming and going GS crashes

using GS 3.18.1 on debian sid"


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7496
http://seclists.org/oss-sec/2015/q4/296
https://bugzilla.gnome.org/show_bug.cgi?id=758032
Comment 2 Bjørn Lie 2015-11-18 08:55:39 UTC
Looked at this last night already, but we were not able to reproduce the bug whatsoever.

I've so far tried with:
1. Tumbleweed + GNOME (gdm) 3.18 on Nvidia gfx (blob driver)
2. Tumbleweed + GNOME (gdm) 3.18 on Intel (2 diff boxes)
3. Leap (where we have gdm 3.14.2) on Nouveau.

Is anyone able to reproduce this?
SLED?

That being said, https://build.opensuse.org/request/show/344954 is subbed to GNOME:Factory awaiting review and check-in.
Comment 3 Bjørn Lie 2015-11-18 13:45:34 UTC
Frederic, Scott: Are any of you able to reproduce the crash seen on Debian and Fedora?
Comment 4 Frederic Crozat 2015-11-18 13:55:46 UTC
(In reply to Bjørn Lie from comment #3)
> Frederic, Scott: Are any of you able to reproduce the crash seen on Debian
> and Fedora?

I'm unable to reproduce on SLE12 (maybe because we tweaked a bit the slider in SLE, compared to upstream)
Comment 5 Swamp Workflow Management 2015-11-18 23:00:13 UTC
bugbot adjusting priority
Comment 6 Scott Reeves 2015-11-18 23:05:53 UTC
(In reply to Frederic Crozat from comment #4)
> (In reply to Bjørn Lie from comment #3)
> > Frederic, Scott: Are any of you able to reproduce the crash seen on Debian
> > and Fedora?
> 
> I'm unable to reproduce on SLE12 (maybe because we tweaked a bit the slider
> in SLE, compared to upstream)

I tried on several boxes - both GA and SP1 and could not trigger this crash.
Comment 7 Felix Zhang 2017-07-21 08:14:50 UTC
Upstream fixes 5ac2246 and 05e5fc2 can be backported to SLE12, even though the crash cannot be reproduced on either SLE12-SP2 or Leap 42.2.

Should we still backport the fixes, or just close this?
Comment 8 Johannes Segitz 2017-08-15 07:57:21 UTC
(In reply to Felix Zhang from comment #7)
If we don't have the problem I don't see the need to include it.