Announcement

Collapse
No announcement yet.

Responses To The Linux Desktop Security Problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Responses To The Linux Desktop Security Problem

    Phoronix: Responses To The Linux Desktop Security Problem

    Just about 24 hours ago I spread the news about a major vulnerability in X.Org / XKB that makes it trivial for anyone with physical access to a Linux-based desktop system to easily bypass any screensaver lock whether you're using GNOME, KDE, or most other desktop environments. So what's changed in the past day?..

    http://www.phoronix.com/vr.php?view=MTA0NTU

  • #2
    Gentoo

    the bug report is here:
    https://bugs.gentoo.org/show_bug.cgi?id=399347
    and the situation is fixed for ia32/amd64/arm

    it was reported at 2:45 am and fixed(for ia32/amd64) at 1 pm EST,
    so the "no activity today" claim is ... well, not true

    Comment


    • #3
      We've already got a stabled fix for x86, amd64 and arm.

      https://bugs.gentoo.org/show_bug.cgi?id=399347

      Comment


      • #4
        According to this page, a Fedora update has already been pushed out...

        http://who-t.blogspot.com/2012/01/xk...2012-0064.html

        Comment


        • #5
          Gentoo started to mark stable at 2012-01-19 17:42:38 UTC for the security bug.

          https://bugs.gentoo.org/show_bug.cgi?id=399347

          Comment


          • #6
            And as I said, neither does it affect Archlinux users "right now" given they have an up to date system:
            http://phoronix.com/forums/showthrea...424#post247424

            Comment


            • #7
              Distro responses aside, it is still not reverted upstream (!).

              Comment


              • #8
                My bad, it's upstream in xkeyboard-config, not the xserver.

                Comment


                • #9
                  Seems to be fixed now in all Debian branches except wheeze.
                  http://security-tracker.debian.org/t.../CVE-2012-0064

                  Comment


                  • #10
                    Fixed in all Debian branches except wheeze.
                    http://security-tracker.debian.org/t.../CVE-2012-0064

                    Comment


                    • #11
                      Alpine Linux fixed

                      Fix for Alpine Linux just pushed

                      Comment


                      • #12
                        Also fixed in Debian unstable.

                        Comment


                        • #13
                          Fix is in Fuduntu Testing, should be in stable by morning.

                          Comment


                          • #14
                            Originally posted by curaga View Post
                            My bad, it's upstream in xkeyboard-config, not the xserver.
                            So, if I rebuild the xorg xkeyboard-config/ module from git, should it remove the security problem?

                            Comment


                            • #15
                              Similare bug in Ubuntu 11.10

                              I just reported a similare bug found in Ubuntu (only tested Ubuntu 11.10). This one is probably related to LightDM. I wount disclose it untill some one has had time to find out where it steams from though.

                              Comment

                              Working...
                              X