CVE-2015-8025

Name: CVE-2015-8025
Description: driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-338-1, DSA-3438-1
NVD severity: low (attack range: local)
Debian Bugs: 802914

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| xscreensaver (PTS) | wheezy, wheezy (security) | 5.15-3+deb7u1 | fixed |
| | jessie | 5.30-1+deb8u2 | fixed |
| | jessie (security) | 5.30-1+deb8u1 | fixed |
| | buster, sid, stretch | 5.36-1 | fixed |

The information below is based on the following data on fixed versions.

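| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| xscreensaver | source | (unstable) | 5.34-1 | low | | 802914 |
| xscreensaver | source | jessie | 5.30-1+deb8u1 | low | DSA-3438-1 | |
| xscreensaver | source | squeeze | 5.11-1+deb6u11 | low | DLA-338-1 | |
| xscreensaver | source | wheezy | 5.15-3+deb7u1 | low | DSA-3438-1 | |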

Notes

http://pkgs.fedoraproject.org/cgit/xscreensaver.git/plain/xscreensaver-5.33-0002-Modify-sigchld_hander-in_signal_hander_p-mechanism.patch?id=b57f59f3482fedf70ce7a3541094e2512290139f
https://bugzilla.redhat.com/show_bug.cgi?id=1274452
