Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 415
Alerts This Week
Warning Icon 1 415

Arch Linux Advisory: ASA-201602-10 Medium: Kscreenlocker Access Bypass

Archlinux Large Esm H446
The package kscreenlocker before version 5.5.4-2 is vulnerable to access restriction bypass.
Arch Linux Security Advisory ASA-201602-10
=========================================
Severity: Medium
Date    : 2016-02-10
CVE-ID  : CVE-2016-2312
Package : kscreenlocker
Type    : access restriction bypass
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package kscreenlocker before version 5.5.4-2 is vulnerable to access
restriction bypass.

Resolution
=========
Upgrade to 5.5.4-2.

# pacman -Syu "kscreenlocker>=5.5.4-2"

The problem has been fixed upstream but no release is available yet.

Workaround
=========
None.

Description
==========
A vulnerability has been discovered in kscreenlocker that is leading to
access restriction bypass. Turning all screens off while the lock screen
is shown can result in the screen being unlocked when turning a screen
on again.

Impact
=====
A local attacker with physical access to the hardware is able to gain
unauthorized access to a locked system.

References
=========
https://kde.org/info/security/advisory-20160209-1.txt
https://bugs.kde.org/show_bug.cgi?id=358125
https://bugzilla.opensuse.org/show_bug.cgi?id=964548