Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 14.04 LTS USN-2475-1 Critical: GTK+ Lock Bypass Issue

Calendar Jan 15, 2015 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical access control ubuntu gtk+ lock screen
GTK+ improperly handled the menu key, possibly allowing lock screen bypass. 
=========================================================================Ubuntu Security Notice USN-2475-1
January 15, 2015

gtk+3.0 update
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

GTK+ improperly handled the menu key, possibly allowing lock screen bypass.

Software Description:
- gtk+3.0: GTK+ graphical user interface library

Details:

Clemens Fries discovered that GTK+ allowed bypassing certain screen locks
by using the menu key. An attacker with physical access could possibly use
this flaw to gain access to a locked session.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  libgtk-3-0                      3.10.8-0ubuntu1.4

After a standard system update you need to restart your session to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2475-1
  https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1366790

Package Information:
  https://launchpad.net/ubuntu/+source/gtk+3.0/3.10.8-0ubuntu1.4

Ubuntu 14.04 LTS USN-2475-1 Critical: GTK+ Lock Bypass Issue

ubuntu
Calendar Grey January 15, 2015
Dist Ubuntu Esm H88
A recent GTK+ patch for Ubuntu tackles a security flaw that could enable bypassing the lock screen. Ensure your system is updated right away.
GTK+ improperly handled the menu key, possibly allowing lock screen bypass.

Summary

Topics%20covered

Topics Covered

security advisory critical access control ubuntu gtk+ lock screen

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libgtk-3-0 3.10.8-0ubuntu1.4 After a standard system update you need to restart your session to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2475-1

https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1366790

Severity
critical
Lowest
Low
Medium
High
Critical

January 15, 2015

Topics%20covered

Topics Covered

security advisory critical access control ubuntu gtk+ lock screen

Package Information

https://launchpad.net/ubuntu/+source/gtk+3.0/3.10.8-0ubuntu1.4

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here