Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 20.04 & 20.10 USN-4958-1 Critical Caribou Input Crash

ubuntu
Calendar Grey May 17, 2021
Dist Ubuntu Esm H88
Enhance your Ubuntu system's security by applying the latest updates for the Caribou vulnerability, which could cause app instability with specific inputs
Applications using Caribou could be made to crash if given specially crafted input.

Summary

Applications using Caribou could be made to crash if given specially

crafted input.

Software Description:

- caribou: Configurable on screen keyboard with scanning mode

Details:

It was discovered that the Caribou onscreen keyboard could be made

to crash when given certain input values. An attacker could use this

to bypass screen-locking applications that support using Caribou as

an input mechanism.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  gir1.2-caribou-1.0              0.4.21-7ubuntu0.20.10.1
  libcaribou0                     0.4.21-7ubuntu0.20.10.1

Ubuntu 20.04 LTS:
  gir1.2-caribou-1.0              0.4.21-7ubuntu0.20.04.1
  libcaribou0                     0.4.21-7ubuntu0.20.04.1

After a standard system update you need to restart applications that
use Caribou as an onscreen keyboard to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4958-1

https://bugs.launchpad.net/ubuntu/+source/caribou/+bug/1912060

Severity
critical
Lowest
Low
Medium
High
Critical

May 17, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here