[Secure-testing-team] Bug#656500: xkb-data: XF86_Ungrab and XF86_ClearGrab security hole upstream

Mark Nipper nipsy at bitgnome.net
Thu Jan 19 18:05:41 UTC 2012


Package: xkb-data
Version: 2.3-2
Severity: grave
Tags: security upstream
Justification: user security hole

	As originally reported at:
---
http://gu1.aeroxteam.fr/2012/01/19/bypass-screensaver-locker-program-xorg-111-and-up/

and further syndicated by:
---
http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA

the currently shipping version of this package contains a rather glaring
security hole with regard to locking screen savers under X.

	Fix seems to be commenting any references to XF86_Ungrab and
XF86_ClearGrab, at least for the time being.  I'm not sure what the long
term fix will be (reintroducing previously removed functionality
possibly).

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (700, 'testing'), (600, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- no debconf information
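
A check for the workaround described in the report, as an added example that is not part of the original message or of xkb-data: it lists every line under an XKB data directory where XF86_Ungrab or XF86_ClearGrab still appears outside a comment. The function name and the directory argument are assumptions, as is treating `//` and `#` as the comment markers in the scanned files.

```shell
#!/bin/sh
# Added example (not from the bug report): audit an XKB data tree for
# references to XF86_Ungrab / XF86_ClearGrab that are not commented out.
#
# Assumptions: DIR is wherever the xkb-data files are installed on the
# system being checked; "//" and "#" start a comment that runs to end of line.

# Prints "file:line:text" for every active reference found under DIR.
# Exit status: 0 = no active references, 1 = at least one, 2 = usage error.
find_active_grab_refs() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "usage: find_active_grab_refs DIR" >&2
        return 2
    fi

    hits=$(find "$dir" -type f -exec awk '
        {
            code = $0
            # Drop everything from the first comment marker onward so that
            # a commented-out reference does not count as active.
            sub(/(\/\/|#).*/, "", code)
            if (code ~ /XF86_(Ungrab|ClearGrab)/)
                printf "%s:%d:%s\n", FILENAME, FNR, $0
        }' {} +)

    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# When run as a script with a directory argument, report and propagate status.
if [ "$#" -gt 0 ]; then
    find_active_grab_refs "$1"
fi
```

A status of 1 means the directory still contains at least one uncommented reference, so the workaround has not been fully applied there.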




