[arch-security] [ASA-201602-10] kscreenlocker: access restriction bypass
anthraxx at archlinux.org
Wed Feb 10 01:50:12 UTC 2016
Arch Linux Security Advisory ASA-201602-10
Date : 2016-02-10
CVE-ID : CVE-2016-2312
Package : kscreenlocker
Type : access restriction bypass
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package kscreenlocker before version 5.5.4-2 is vulnerable to access
Upgrade to 5.5.4-2.
# pacman -Syu "kscreenlocker>=5.5.4-2"
The problem has been fixed upstream but no release is available yet.
A vulnerability has been discovered in kscreenlocker that is leading to
access restriction bypass. Turning all screens off while the lock screen
is shown can result in the screen being unlocked when turning a screen
A local attacker with physical access to the hardware is able to gain
unauthorized access to a locked system.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the arch-security