CVE-2024-5148

Published: 22 May 2024

gnome-remote-desktop fails to validate up front that the caller of methods on handover objects matches the user associated with the session involved with the handover process.

Notes

Author	Note
mdeslaur	46.x series only

Priority

Status

Package	Release	Status
gnome-remote-desktop Launchpad, Ubuntu, Debian	focal	Not vulnerable (code not present)
	jammy	Not vulnerable (code not present)
	mantic	Not vulnerable (code not present)
	noble	Released (46.2-1~ubuntu24.04.2)
	upstream	Released (46.2)
	Patches: upstream: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/merge_requests/263

References

https://www.cve.org/CVERecord?id=CVE-2024-5148
https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/commit/2551f90af03828d06f55169a4e95876a5d58bb8e
https://ubuntu.com/security/notices/USN-6785-1
NVD
Launchpad
Debian

Bugs

https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196
https://bugzilla.suse.com/show_bug.cgi?id=1222159

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›