CVE-2014-1949

Publication date 16 January 2015

Last updated 24 July 2024

Ubuntu priority

GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gtk+3.0	14.10 utopic	Not affected
	14.04 LTS trusty	Fixed 3.10.8-0ubuntu1.4
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not in release

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

although this issue was reported against cinnamon-screensaver, the actual problem lies in gtk+3.0, and also affects gnome-screensaver

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.openwall.com/lists/oss-security/2014/02/12/7
https://www.cve.org/CVERecord?id=CVE-2014-1949