Debian Security Advisory
DLA-2374-1 gnome-shell -- LTS security update
- Date Reported:
- 15 Sep 2020
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-17489.
- More information:
It was discovered that there was an issue around revealing passwords in the gnome-shell component of the GNOME desktop.
In certain configurations, when logging out of an account the password box from the login dialog could reappear with the password visible in cleartext.
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)
For Debian 9
Stretch, these problems have been fixed in version 3.22.3-3+deb9u1.
We recommend that you upgrade your gnome-shell packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS