Home / mailings

PDF

[USN-2184-2] Unity vulnerabilities

Posted on 30 April 2014
Ubuntu Security

==========================
==========================
========================
Ubuntu Security Notice USN-2184-2
April 30, 2014

unity vulnerabilities
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The Unity lock screen could be bypassed.

Software Description:
- unity: Interface designed for efficiency of space and interaction.

Details:

USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing ha=
s
uncovered more issues which have been fixed in this update. This update
also fixes a regression with the shutdown dialogue.

We apologize for the inconvenience.

Original advisory details:

Fr=C3=A9d=C3=A9ric Bardy discovered that Unity incorrectly filtered keyb=
oard
shortcuts when the screen was locked. A local attacker could possibly us=
e
this issue to run commands, and unlock the current session.
Giovanni Mellini discovered that Unity could display the Dash in certai=
n
conditions when the screen was locked. A local attacker could possibly u=
se
this issue to run commands, and unlock the current session.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
unity 7.2.0+14.04.20140423-0ubuntu1.2

After a standard system update you need to restart your session to make a=
ll
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2184-2
http://www.ubuntu.com/usn/usn-2184-1
https://launchpad.net/bugs/1314247

Package Information:
https://launchpad.net/ubuntu/+source/unity/7.2.0+14.04.20140423-0ubuntu=
1.2

 

TOP