Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Responses To The Linux Desktop Security Problem

  1. #1
    Join Date
    Jan 2007
    Posts
    14,788

    Default Responses To The Linux Desktop Security Problem

    Phoronix: Responses To The Linux Desktop Security Problem

    Just about 24 hours ago I spread the news about a major vulnerability in X.Org / XKB that makes it trivial for anyone with physical access to a Linux-based desktop system to easily bypass any screensaver lock whether you're using GNOME, KDE, or most other desktop environments. So what's changed in the past day?..

    http://www.phoronix.com/vr.php?view=MTA0NTU

  2. #2
    Join Date
    Aug 2011
    Posts
    28

    Default Gentoo

    the bug report is here:
    https://bugs.gentoo.org/show_bug.cgi?id=399347
    and the situation is fixed for ia32/amd64/arm

    it was reported at 2:45 am and fixed(for ia32/amd64) at 1 pm EST,
    so the "no activity today" claim is ... well, not true

  3. #3
    Join Date
    Jan 2009
    Location
    Columbus, OH, USA
    Posts
    323

    Default

    We've already got a stabled fix for x86, amd64 and arm.

    https://bugs.gentoo.org/show_bug.cgi?id=399347

  4. #4
    Join Date
    Apr 2010
    Posts
    734

    Default

    According to this page, a Fedora update has already been pushed out...

    http://who-t.blogspot.com/2012/01/xk...2012-0064.html

  5. #5
    Join Date
    Oct 2007
    Posts
    12

    Default

    Gentoo started to mark stable at 2012-01-19 17:42:38 UTC for the security bug.

    https://bugs.gentoo.org/show_bug.cgi?id=399347

  6. #6
    Join Date
    Jun 2010
    Location
    ฿ 16LDJ6Hrd1oN3nCoFL7BypHSEYL84ca1JR
    Posts
    1,052

    Default

    And as I said, neither does it affect Archlinux users "right now" given they have an up to date system:
    http://phoronix.com/forums/showthrea...424#post247424

  7. #7
    Join Date
    Feb 2008
    Location
    Linuxland
    Posts
    5,103

    Default

    Distro responses aside, it is still not reverted upstream (!).

  8. #8
    Join Date
    Feb 2008
    Location
    Linuxland
    Posts
    5,103

    Default

    My bad, it's upstream in xkeyboard-config, not the xserver.

  9. #9
    Join Date
    Feb 2010
    Location
    Milky Way Galaxy
    Posts
    18

    Default

    Seems to be fixed now in all Debian branches except wheeze.
    http://security-tracker.debian.org/t.../CVE-2012-0064

  10. #10
    Join Date
    Feb 2010
    Location
    Milky Way Galaxy
    Posts
    18

    Default

    Fixed in all Debian branches except wheeze.
    http://security-tracker.debian.org/t.../CVE-2012-0064

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •