[USN-2184-2] Unity vulnerabilities

Marc Deslauriers marc.deslauriers at canonical.com
Wed Apr 30 18:50:12 UTC 2014


==========================================================================
Ubuntu Security Notice USN-2184-2
April 30, 2014

unity vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The Unity lock screen could be bypassed.

Software Description:
- unity: Interface designed for efficiency of space and interaction.

Details:

USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing has
uncovered more issues which have been fixed in this update. This update
also fixes a regression with the shutdown dialogue.

We apologize for the inconvenience.

Original advisory details:

 Frédéric Bardy discovered that Unity incorrectly filtered keyboard
 shortcuts when the screen was locked. A local attacker could possibly use
 this issue to run commands, and unlock the current session.
  Giovanni Mellini discovered that Unity could display the Dash in certain
 conditions when the screen was locked. A local attacker could possibly use
 this issue to run commands, and unlock the current session.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  unity                           7.2.0+14.04.20140423-0ubuntu1.2

After a standard system update you need to restart your session to make all
the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2184-2
  http://www.ubuntu.com/usn/usn-2184-1
  https://launchpad.net/bugs/1314247

Package Information:
  https://launchpad.net/ubuntu/+source/unity/7.2.0+14.04.20140423-0ubuntu1.2


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20140430/953f1812/attachment.sig>


More information about the ubuntu-security-announce mailing list