Security update for gnome-settings-daemon

SUSE Security Update: Security update for gnome-settings-daemon
Announcement ID: SUSE-SU-2015:0515-1
Rating: moderate
References: #900031 #905158
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 12
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Desktop 12

  • An update that solves one vulnerability and has one errata is now available.

    Description:


    gnome-settings-daemon was updated to fix a bug and a security issue:

    Security issue fixed:
    - CVE-2014-7300: The lockscreen can be bypassed with the Print Screen
    button.

    Bug fixed:
    - Do not hide the cursor while there was no mutter running (bsc#905158).

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-126=1
    • SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-126=1
    • SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-126=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      • gnome-settings-daemon-debuginfo-3.10.2-20.1
      • gnome-settings-daemon-debugsource-3.10.2-20.1
      • gnome-settings-daemon-devel-3.10.2-20.1
    • SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      • gnome-settings-daemon-3.10.2-20.1
      • gnome-settings-daemon-debuginfo-3.10.2-20.1
      • gnome-settings-daemon-debugsource-3.10.2-20.1
    • SUSE Linux Enterprise Server 12 (noarch):
      • gnome-settings-daemon-lang-3.10.2-20.1
    • SUSE Linux Enterprise Desktop 12 (x86_64):
      • gnome-settings-daemon-3.10.2-20.1
      • gnome-settings-daemon-debuginfo-3.10.2-20.1
      • gnome-settings-daemon-debugsource-3.10.2-20.1
    • SUSE Linux Enterprise Desktop 12 (noarch):
      • gnome-settings-daemon-lang-3.10.2-20.1

    References:

    • http://support.novell.com/security/cve/CVE-2014-7300.html
    • https://bugzilla.suse.com/900031
    • https://bugzilla.suse.com/905158