Ubuntu Security Notice USN-4958-1
May 17, 2021

caribou vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS


Applications using Caribou could be made to crash if given specially
crafted input.

Software Description:
- caribou: Configurable on screen keyboard with scanning mode


It was discovered that the Caribou onscreen keyboard could be made
to crash when given certain input values. An attacker could use this
to bypass screen-locking applications that support using Caribou as
an input mechanism.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  gir1.2-caribou-1.0              0.4.21-7ubuntu0.20.10.1
  libcaribou0                     0.4.21-7ubuntu0.20.10.1

Ubuntu 20.04 LTS:
  gir1.2-caribou-1.0              0.4.21-7ubuntu0.20.04.1
  libcaribou0                     0.4.21-7ubuntu0.20.04.1

After a standard system update you need to restart applications that
use Caribou as an onscreen keyboard to make all the necessary changes.


Package Information: