Debian 10261 Published by

A gnome-shell security update has been released for Debian GNU/Linux 9 LTS to address an issue around revealing passwords in the "gnome-shell" component of the GNOME desktop.



DLA 2374-1: gnome-shell security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2374-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
September 15, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : gnome-shell
Version : 3.22.3-3+deb9u1
CVE ID : CVE-2020-17489
Debian Bug : #968311

It was discovered that there was an issue around revealing passwords
in the "gnome-shell" component of the GNOME desktop.

In certain configurations, when logging out of an account the
password box from the login dialog could reappear with the password
visible in cleartext.

For Debian 9 "Stretch", this problem has been fixed in version
3.22.3-3+deb9u1.

We recommend that you upgrade your gnome-shell packages.

For the detailed security status of gnome-shell please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gnome-shell

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS