Wednesday, April 30, 2014

USN-2184-2: Unity vulnerabilities

Ubuntu Security Notice USN-2184-2


30th April, 2014


unity vulnerabilities


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 14.04 LTS


Summary


The Unity lock screen could be bypassed.


Software description



  • unity - Interface designed for efficiency of space and interaction.


Details


USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing has

uncovered more issues which have been fixed in this update. This update

also fixes a regression with the shutdown dialogue.


We apologize for the inconvenience.


Original advisory details:


Frédéric Bardy discovered that Unity incorrectly filtered keyboard

shortcuts when the screen was locked. A local attacker could possibly use

this issue to run commands, and unlock the current session.



Giovanni Mellini discovered that Unity could display the Dash in certain

conditions when the screen was locked. A local attacker could possibly use

this issue to run commands, and unlock the current session.


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 14.04 LTS:

unity 7.2.0+14.04.20140423-0ubuntu1.2


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


After a standard system update you need to restart your session to make all

the necessary changes.


References


LP: 1314247






via Ubuntu Security Notices http://bit.ly/1rPB5fx
Posted by at
Labels: ,

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)