==========================================================================
Ubuntu Security Notice USN-2184-2
April 30, 2014

unity vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

The Unity lock screen could be bypassed.

Software Description:
– unity: Interface designed for efficiency of space and interaction.

Details:

USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing has
uncovered more issues which have been fixed in this update. This update
also fixes a regression with the shutdown dialogue.

We apologize for the inconvenience.

Original advisory details:

Frédéric Bardy discovered that Unity incorrectly filtered keyboard
shortcuts when the screen was locked. A local attacker could possibly use
this issue to run commands, and unlock the current session.
Giovanni Mellini discovered that Unity could display the Dash in certain
conditions when the screen was locked. A local attacker could possibly use
this issue to run commands, and unlock the current session.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
unity 7.2.0+14.04.20140423-0ubuntu1.2

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2184-2
http://www.ubuntu.com/usn/usn-2184-1
https://launchpad.net/bugs/1314247

Package Information:
https://launchpad.net/ubuntu/+source/unity/7.2.0+14.04.20140423-0ubuntu1.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTYUXnAAoJEGVp2FWnRL6TA1kP/RsbM3SFTF+9ZScWHk/15BaZ
ebZg+xAYWqotQJ1SfCp30tnHUi0ZO99cEp4y5TpSd/Pbtf9JK1fdwImicf6hCAKO
VyAugSE/TPjOvpc9nG12xg1HDmjcsG1+xKIAA7/U58cLH0+wlqktTFC7JZxSCIZw
SKjAlm9gKpG16JxDZxGVRrlo7tX7kIHwmIlyxP9c7baX4JLPHdx9pCsGJrfUQ62X
eVbiTZYD+Jy1kOSz2IybHMtUku8yHKviFViUlzmlAboCSYjtYR8ON9XieMN6WB0q
W0E9XBTUd4aAs3LdOOWtj2m3hqy6zp6Z1AhnVp/1s8+zFtY0322PEhDInA3Dt+N5
pkzhsZwK8MqGQOPcBJKGOcO/bXWs7GQ0ShV9yFQOTDqpW6mb/95brwBA4g4FdLVb
2YnHjfMW0+uv9Rys4neNSCaSOvTbllw8Qj5YpeYOBbtkKPM6Bb3YpnxKtstHmGWQ
0KQVhXyd76zpdQbj2xq2GxBv0Q4MIJYvHazmcTS1v5y2yT426Z0sYqc4kGWUw6bu
VlejbQEzqH9ZEcpxeQnz3vw2zGp36kPI17UUl3/dNkO4fjt5emdKWeT1wFSvDuiW
PxFBg28deuwzyOEBed60vaimXs3WvY3NxqyN3BrbyXxzAO1Tj0Cy7Zmzs7997/vI
EmKMUfHraof3TCeuc5jM
=u4FA
—–END PGP SIGNATURE—–
—