[arch-security] [ASA-201602-10] kscreenlocker: access restriction bypass
Levente Polyak
anthraxx at archlinux.org
Wed Feb 10 01:50:12 UTC 2016
Arch Linux Security Advisory ASA-201602-10
==========================================
Severity: Medium
Date : 2016-02-10
CVE-ID : CVE-2016-2312
Package : kscreenlocker
Type : access restriction bypass
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package kscreenlocker before version 5.5.4-2 is vulnerable to access
restriction bypass.
Resolution
==========
Upgrade to 5.5.4-2.
# pacman -Syu "kscreenlocker>=5.5.4-2"
The problem has been fixed upstream but no release is available yet.
Workaround
==========
None.
Description
===========
A vulnerability has been discovered in kscreenlocker that is leading to
access restriction bypass. Turning all screens off while the lock screen
is shown can result in the screen being unlocked when turning a screen
on again.
Impact
======
A local attacker with physical access to the hardware is able to gain
unauthorized access to a locked system.
References
==========
https://www.kde.org/info/security/advisory-20160209-1.txt
https://bugs.kde.org/show_bug.cgi?id=358125
https://bugzilla.opensuse.org/show_bug.cgi?id=964548
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160210/83086aa5/attachment.asc>
More information about the arch-security
mailing list