USN-2303-1: Unity vulnerability

31 July 2014

unity vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

The Unity lock screen could possibly be bypassed in certain circumstances.

Software Description

  • unity - Interface designed for efficiency of space and interaction.

Details

It was discovered that in certain circumstances Unity failed to successfully grab the keyboard when switching to the lock screen. A local attacker could possibly use this issue to run commands, and unlock the current session.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS
unity - 7.2.2+14.04.20140714-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.

References