Home / mailings

PDF

[USN-2184-1] Unity vulnerabilities

Posted on 29 April 2014
Ubuntu Security

==========================
==========================
========================
Ubuntu Security Notice USN-2184-1
April 29, 2014

unity vulnerabilities
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The Unity lock screen could be bypassed.

Software Description:
- unity: Interface designed for efficiency of space and interaction.

Details:

Fr=C3=A9d=C3=A9ric Bardy discovered that Unity incorrectly filtered keybo=
ard
shortcuts when the screen was locked. A local attacker could possibly use=

this issue to run commands, and unlock the current session.

Giovanni Mellini discovered that Unity could display the Dash in certain
conditions when the screen was locked. A local attacker could possibly us=
e
this issue to run commands, and unlock the current session.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
unity 7.2.0+14.04.20140423-0ubuntu1.1

After a standard system update you need to restart your session to make a=
ll
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2184-1
https://launchpad.net/bugs/1308850, https://launchpad.net/bugs/1313885

Package Information:
https://launchpad.net/ubuntu/+source/unity/7.2.0+14.04.20140423-0ubuntu=
1.1

 

TOP