Debian Security Advisory

DLA-2374-1 gnome-shell -- LTS security update

Date Reported:
15 Sep 2020
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2020-17489.
More information:

It was discovered that there was an issue around revealing passwords in the gnome-shell component of the GNOME desktop.

In certain configurations, when logging out of an account the password box from the login dialog could reappear with the password visible in cleartext.

  • CVE-2020-17489

    An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.)

For Debian 9 Stretch, these problems have been fixed in version 3.22.3-3+deb9u1.

We recommend that you upgrade your gnome-shell packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: