CVE-2015-8025

| Field | Value |
|---|---|
| Name | CVE-2015-8025 |
| Description | driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more) |
| References | DLA-338-1, DSA-3438-1 |
| NVD severity | low |
| Debian Bugs | 802914 |

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| xscreensaver (PTS) | jessie | 5.30-1+deb8u2 | fixed |
| | jessie (security) | 5.30-1+deb8u1 | fixed |
| | stretch | 5.36-1 | fixed |
| | bullseye, sid, buster | 5.42+dfsg1-1 | fixed |

The information below is based on the following data on fixed versions.

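| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| xscreensaver | source | (unstable) | 5.34-1 | | | 802914 |
| xscreensaver | source | jessie | 5.30-1+deb8u1 | | DSA-3438-1 | |
| xscreensaver | source | squeeze | 5.11-1+deb6u11 | | DLA-338-1 | |
| xscreensaver | source | wheezy | 5.15-3+deb7u1 | | DSA-3438-1 | |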

Notes

http://pkgs.fedoraproject.org/cgit/xscreensaver.git/plain/xscreensaver-5.33-0002-Modify-sigchld_hander-in_signal_hander_p-mechanism.patch?id=b57f59f3482fedf70ce7a3541094e2512290139f
https://bugzilla.redhat.com/show_bug.cgi?id=1274452
