CVE-2024-37408

Published: 8 June 2024

** DISPUTED ** fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so to front-ends that implement a proper attention mechanism, not modifying pam_fprintd.so or fprintd.

Notes

Author: mdeslaur
Note: This isn't really a vulnerability in fprintd, it's a limitation when command-line applications use pam for authentication. See mailing list discussion, this CVE may get rejected. Marking as deferred for now.

Priority

Medium

Status

Package: fprintd

Release     Status
bionic      Deferred (2024-06-17)
focal       Deferred (2024-06-17)
jammy       Deferred (2024-06-17)
mantic      Ignored (end of life, was deferred [2024-06-17])
noble       Deferred (2024-06-17)
upstream    Needs triage
xenial      Deferred (2024-06-17)