List: oss-security
Subject: Re: [oss-security] Ubuntu 14.04: security problem in the lock screen
From: Marc Deslauriers <marc.deslauriers () canonical ! com>
Date: 2014-04-29 12:26:01
Message-ID: 535F9A59.3060107 () canonical ! com

Hi,

On 14-04-26 11:06 AM, Kurt Seifried wrote:
> https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572
>
> Probably needs a CVE.
>

While that particular bug was fixed before 14.04 was released, it's probably
worth assigning a CVE to it anyway for tracking purposes, since I have now
published a security update that corrects two more lock screen bugs.

Here's a summary:

Issue #1 (Before 14.04 came out):

Marco Agnese discovered that Unity 7.2.0 incorrectly handled entry activation on
the lock screen, resulting in the lock screen crashing and the session becoming
unlocked.

Reference:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572
http://bazaar.launchpad.net/~unity-team/unity/trunk/revision/3787

Issue #2:

Giovanni Mellini discovered that Unity 7.2.0 could display the Dash in certain
conditions when the screen was locked. A local attacker could possibly use
this issue to run commands, and unlock the current session.

Reference:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308850
http://bazaar.launchpad.net/~unity-team/unity/trunk/revision/3789
http://www.ubuntu.com/usn/usn-2184-1/

Issue #3:

Frédéric Bardy discovered that Unity 7.2.0 incorrectly filtered keyboard
shortcuts when the screen was locked. A local attacker could possibly use
this issue to run commands, and unlock the current session.

Reference:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1313885
https://code.launchpad.net/~3v1n0/unity/lockscreen-keys-disable/+merge/217528
http://www.ubuntu.com/usn/usn-2184-1/

Could CVEs please be assigned to these three issues?

Thanks!

Marc.

--
Marc Deslauriers
Ubuntu Security Engineer | http://www.ubuntu.com/
Canonical Ltd. | http://www.canonical.com/