CVE-2015-8025

NameCVE-2015-8025
Descriptiondriver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-338-1, DSA-3438-1
Debian Bugs802914

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xscreensaver (PTS)bullseye5.45+dfsg1-2fixed
bookworm6.06+dfsg1-3+deb12u1fixed
trixie, sid6.09+dfsg1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xscreensaversourcesqueeze5.11-1+deb6u11DLA-338-1
xscreensaversourcewheezy5.15-3+deb7u1DSA-3438-1
xscreensaversourcejessie5.30-1+deb8u1DSA-3438-1
xscreensaversource(unstable)5.34-1802914

Notes

http://pkgs.fedoraproject.org/cgit/xscreensaver.git/plain/xscreensaver-5.33-0002-Modify-sigchld_hander-in_signal_hander_p-mechanism.patch?id=b57f59f3482fedf70ce7a3541094e2512290139f
https://bugzilla.redhat.com/show_bug.cgi?id=1274452
Search for package or bug name: Reporting problems