This bug was fixed in the package gnome-keyring - 3.10.1-1ubuntu4.4
---------------
gnome-keyring (3.10.1-1ubuntu4.4) trusty-security; urgency=medium
* SECURITY UPDATE: credentials exposed in memory (LP: #1772919)
- debian/patches/CVE-2018-20781.patch: destroy the password in
pam_sm_open_session in pam/gkr-pam-module.c.
- CVE-2018-20781
-- Marc Deslauriers <[email protected]> Thu, 14 Feb 2019
08:32:24 -0500
** Changed in: gnome-keyring (Ubuntu Trusty)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20781
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1772919
Title:
pam-gnome-keyring.so reveals user’s password credential as a plaintext
form
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
