[arch-security] [ASA-201602-10] kscreenlocker: access restriction bypass
Arch Linux Security Advisory ASA-201602-10 ========================================== Severity: Medium Date : 2016-02-10 CVE-ID : CVE-2016-2312 Package : kscreenlocker Type : access restriction bypass Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package kscreenlocker before version 5.5.4-2 is vulnerable to access restriction bypass. Resolution ========== Upgrade to 5.5.4-2. # pacman -Syu "kscreenlocker>=5.5.4-2" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== A vulnerability has been discovered in kscreenlocker that is leading to access restriction bypass. Turning all screens off while the lock screen is shown can result in the screen being unlocked when turning a screen on again. Impact ====== A local attacker with physical access to the hardware is able to gain unauthorized access to a locked system. References ========== https://www.kde.org/info/security/advisory-20160209-1.txt https://bugs.kde.org/show_bug.cgi?id=358125 https://bugzilla.opensuse.org/show_bug.cgi?id=964548
participants (1)
-
Levente Polyak