Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 446
Alerts This Week
Warning Icon 1 446

Ubuntu 14.04 LTS USN-2475-1 Critical: GTK+ Lock Bypass Issue

ubuntu
Calendar Grey January 15, 2015
Dist Ubuntu Esm H88
A recent GTK+ patch for Ubuntu tackles a security flaw that could enable bypassing the lock screen. Ensure your system is updated right away.
GTK+ improperly handled the menu key, possibly allowing lock screen bypass.

Summary

GTK+ improperly handled the menu key, possibly allowing lock screen bypass.

Software Description:

- gtk+3.0: GTK+ graphical user interface library

Details:

Clemens Fries discovered that GTK+ allowed bypassing certain screen locks

by using the menu key. An attacker with physical access could possibly use

this flaw to gain access to a locked session.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  libgtk-3-0                      3.10.8-0ubuntu1.4

After a standard system update you need to restart your session to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2475-1

https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1366790

Severity
critical
Lowest
Low
Medium
High
Critical

January 15, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.