[arch-general] security problem in X with screen saver

Florian Pritz bluewind at xinu.at
Thu Jan 19 05:44:18 EST 2012


On 01/19/2012 09:45 AM, Timothée Ravier wrote:
> 2012/1/19 Magnus Therning <magnus at therning.org>:
>> On Thu, Jan 19, 2012 at 08:58, Divan Santana <divan at s-tainment.co.za> wrote:
>>> Hi All,
>>>
>>> As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
>>>
>>> There is a quite a serious security problem.
>>>
>>> Is there a patch coming out soon?
>>> Does anyone yet know a workaround to this in the meanwhile?
>>> Can it be announced?
>>
>> Have you verified that your system?
>>
>> On my system none of the keys mentioned in that article have the
>> reported results; they all jumps out to virtual terminals.  I have not
>> made any changes to the stock Arch config that would affect those
>> keys.
> 
> Use the Ctrl + Alt + * from the keypad to trigger the "bug".
> 
> As explained in the article, this is purely Xorg related. Use vlock
> for example if you want to avoid the problem.
> 

This has been fixed in xkeyboard-config 2.4.1-3 in testing. You have to
reset your xkb map or restart X after updating.

The feature is still enabled in xorg-server so if anyone wants to use
it, just create the necessary key mappings.

-- 
Florian Pritz -- {flo,bluewind}@server-speed.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20120119/c34a1af6/attachment-0001.asc>


More information about the arch-general mailing list