[manjaro-security] [arch-security] [ASA-201602-10] kscreenlocker: access restriction bypass

Levente Polyak anthraxx at archlinux.org
Wed Feb 10 02:50:12 CET 2016


Arch Linux Security Advisory ASA-201602-10
==========================================

Severity: Medium
Date    : 2016-02-10
CVE-ID  : CVE-2016-2312
Package : kscreenlocker
Type    : access restriction bypass
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package kscreenlocker before version 5.5.4-2 is vulnerable to access
restriction bypass.

Resolution
==========

Upgrade to 5.5.4-2.

# pacman -Syu "kscreenlocker>=5.5.4-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

A vulnerability has been discovered in kscreenlocker that leads to an
access restriction bypass. Turning all screens off while the lock screen
is shown can result in the screen being unlocked when a screen is turned
on again.

Impact
======

A local attacker with physical access to the hardware is able to gain
unauthorized access to a locked system.

References
==========

https://www.kde.org/info/security/advisory-20160209-1.txt
https://bugs.kde.org/show_bug.cgi?id=358125
https://bugzilla.opensuse.org/show_bug.cgi?id=964548
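
A check an administrator could run to confirm that a host is at or above the fixed version named in the Resolution section. This is an added example, not part of the original advisory. The function names are hypothetical, and the `sort -V` fallback (GNU coreutils) is an assumption for hosts where pacman's `vercmp` is not available.

```shell
#!/bin/sh
# Added example: report whether kscreenlocker is at or above the fixed
# version given in ASA-201602-10.

FIXED="5.5.4-2"   # fixed package version, taken from the advisory

# version_ge A B: succeeds when version A >= version B.
# Uses pacman's vercmp when present; otherwise falls back to GNU sort -V
# (assumption: adequate for plain pkgver-pkgrel strings without an epoch).
version_ge() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -ge 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# classify VERSION: prints patched, vulnerable or not-installed.
classify() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif version_ge "$1" "$FIXED"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# installed_version: prints the installed kscreenlocker version, or
# nothing when the package (or pacman itself) is absent.
installed_version() {
    command -v pacman >/dev/null 2>&1 || return 0
    pacman -Q kscreenlocker 2>/dev/null | awk '{print $2}'
}

# Report the state of the local host.
echo "kscreenlocker: $(classify "$(installed_version)") (fixed in $FIXED)"
```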
