Advisories » MGASA-2021-0043

Updated caribou packages fix a security vulnerability

Publication date: 17 Jan 2021
Modification date: 17 Jan 2021
Type: security
Affected Mageia releases : 7

Description

An issue in caribou, that was exposed by a CVE fix in X.org server, permits
a screensaver-lock bypass. It is possible to crash the screensaver and unlock
the desktop via the virtual keyboard.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=28072
• https://github.com/linuxmint/cinnamon-screensaver/issues/354
• https://www.openwall.com/lists/oss-security/2021/01/15/1

SRPMS

7/core

• caribou-0.4.21-3.1.mga7