CVE-2015-8025

Published: 29 October 2015

driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.

Priority

Medium

Status

Package: xscreensaver (Launchpad, Ubuntu, Debian)
Release / Status:
Upstream: Released (5.34-1)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (5.34-1ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [5.15-3+deb7u1ubuntu0.1])
Patches:
Vendor: http://pkgs.fedoraproject.org/cgit/xscreensaver.git/plain/xscreensaver-5.33-0002-Modify-sigchld_hander-in_signal_hander_p-mechanism.patch?id