USN-2184-2: Unity vulnerabilities
30 April 2014
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
The Unity lock screen could be bypassed.
- unity - Interface designed for efficiency of space and interaction.
USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing has uncovered more issues which have been fixed in this update. This update also fixes a regression with the shutdown dialogue.
We apologize for the inconvenience.
Original advisory details:
Frédéric Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.
Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart your session to make all the necessary changes.