USN-2303-1: Unity vulnerability

Ubuntu Security Notice USN-2303-1

31st July, 2014

unity vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

The Unity lock screen could possibly be bypassed in certain circumstances.

Software description

  • unity - Interface designed for efficiency of space and interaction.

Details

It was discovered that in certain circumstances Unity failed to
successfully grab the keyboard when switching to the lock screen. A local
attacker could possibly use this issue to run commands, and unlock the
current session.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
unity 7.2.2+14.04.20140714-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all
the necessary changes.

References

LP: 1349128