oss-sec mailing list archives
Re: Ubuntu 14.04: security problem in the lock screen
From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Tue, 29 Apr 2014 08:26:01 -0400
Hi,

On 14-04-26 11:06 AM, Kurt Seifried wrote:
> https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572
>
> Probably needs a CVE.

While that particular bug was fixed before 14.04 was released, it's probably worth assigning a CVE to it anyway for tracking purposes, since I have now published a security update that corrects two more lock screen bugs.

Here's a summary:

Issue #1 (Before 14.04 came out):

Marco Agnese discovered that Unity 7.2.0 incorrectly handled entry activation on the lock screen, resulting in the lock screen crashing and the session becoming unlocked.

Reference:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572
http://bazaar.launchpad.net/~unity-team/unity/trunk/revision/3787

Issue #2:

Giovanni Mellini discovered that Unity 7.2.0 could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.

Reference:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308850
http://bazaar.launchpad.net/~unity-team/unity/trunk/revision/3789
http://www.ubuntu.com/usn/usn-2184-1/

Issue #3:

Frédéric Bardy discovered that Unity 7.2.0 incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.

Reference:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1313885
https://code.launchpad.net/~3v1n0/unity/lockscreen-keys-disable/+merge/217528
http://www.ubuntu.com/usn/usn-2184-1/

Could CVEs please be assigned to these three issues?

Thanks!

Marc.

--
Marc Deslauriers
Ubuntu Security Engineer | http://www.ubuntu.com/
Canonical Ltd. | http://www.canonical.com/