*** This bug is a security vulnerability ***
Public security bug reported:
There is a new gnome-remote-desktop release in the stable 46.x branch.
I suggest that we simply update Ubuntu 24.04 LTS from 46.1 to 46.2 since
there are other hardening improvements in the release.
Other Ubuntu releases were not affected by the specific issue that was
assigned the CVE since it is unique to the new "Remote Login" feature
introduced in gnome-remote-desktop 46.
Other Info
----------
There is a significant existing regression in systems that were upgraded to
Ubuntu 24.04 LTS but as of today we haven't finished the fix: LP: #2063333
(This issue has nothing to do with the security fix or with
gnome-remote-desktop 46.2.)
That fix might need to be handled with a regular SRU later.
** Affects: gnome-remote-desktop (Ubuntu)
Importance: Undecided
Status: Fix Committed
** Affects: gnome-remote-desktop (Ubuntu Noble)
Importance: Undecided
Status: New
** Tags: noble
** Also affects: gnome-remote-desktop (Ubuntu Noble)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2066306
Title:
CVE-2024-5148: limit session handover to appropriate user
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/2066306/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
