Bugzilla – Bug 900031
VUL-0: CVE-2014-7300: gnome-shell: lockscreen bypass with printscreen key
Last modified: 2016-04-27 20:31:04 UTC
rh#1147917
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1147917
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7300
upstream bug report: https://bugzilla.gnome.org/show_bug.cgi?id=737456
SLE12 (and openSUSE 13.1) are vulnerable too BTW, didn't test older openSUSE versions, probably vulnerable too
For Factory, 13.2 we can likely just wait for gnome-shell 3.14.1 coming next week (scheduled). For 13.1 and SLE we need to backport... I suggest to wait until upstream actually settles on the fix (interesting discussions). Funnily, my machine was too fast... Couldn't get it to crash :)
Fix in openSUSE 13.2 part of GNOME 3.14.1
for openSUSE 13.1, gnome-settings-daemon has been submitted (incident 257810)
Carl, could you take care of this change for SLE12? Thanks!
openSUSE-SU-2014:1348-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 900031
CVE References: CVE-2014-7300
Sources used:
openSUSE 13.1 (src): gnome-settings-daemon-3.10.3-24.1
Maintenance request: https://build.suse.de/request/show/46584
Original patch see bgo#737456, slight modification is made.
Details: Fix by forbidding print screen in lock screen.
PS: In bgo#737456, there are two patches, the other handles the "oom-killer" issue by preventing simultaneous screenshots.
SUSE-SU-2015:0515-1: An update that solves one vulnerability and has one errata is now available.
Category: security (moderate)
Bug References: 900031,905158
CVE References: CVE-2014-7300
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): gnome-settings-daemon-3.10.2-20.1
SUSE Linux Enterprise Server 12 (src): gnome-settings-daemon-3.10.2-20.1
SUSE Linux Enterprise Desktop 12 (src): gnome-settings-daemon-3.10.2-20.1