USN-2184-1: Unity vulnerabilities

Ubuntu Security Notice USN-2184-1

29th April, 2014

unity vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

The Unity lock screen could be bypassed.

Software description

  • unity - Interface designed for efficiency of space and interaction.

Details

Frédéric Bardy discovered that Unity incorrectly filtered keyboard
shortcuts when the screen was locked. A local attacker could possibly use
this issue to run commands, and unlock the current session.

Giovanni Mellini discovered that Unity could display the Dash in certain
conditions when the screen was locked. A local attacker could possibly use
this issue to run commands, and unlock the current session.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
unity 7.2.0+14.04.20140423-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all
the necessary changes.

References

LP: 1308850, LP: 1313885