Bug 574270 (CVE-2016-2312)

Summary: <kde-plasma/plasma-workspace-5.4.3-r1, <kde-plasma/kscreenlocker-5.5.4-r1 - lock screen bypass
Product: Gentoo Security
Reporter: Michael Palimaka (kensington) <kensington>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: normal
CC: kde
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Michael Palimaka (kensington) gentoo-dev 2016-02-09 15:54:58 UTC
KDE Project Security Advisory

Title:          plasma-workspace, kscreenlocker: Lock screen bypass
Risk Rating:    Low
Platforms:      X11
Versions:       plasma-workspace < 5.5.0, kscreenlocker < 5.5.5
Author:         Martin Gräßlin
Date:           09 February 2016


Turning all screens off while the lock screen is shown can result in the screen being unlocked when turning a screen on again.


An unauthorized user might gain access to a locked system. Physical access to the hardware is required.




For plasma-workspace apply the following patches:
 5.0 branch:
 5.1 branch:
 5.2 branch:
 5.3 branch:
 5.4 branch:

For kscreenlocker upgrade to Plasma 5.5.5 (after 1 March 2016) or apply the following patch:



Thanks to Dirk Weber for finding the issue, the openSUSE community for helping to investigate and Martin Gräßlin for fixing the issue.
Comment 1 Michael Palimaka (kensington) gentoo-dev 2016-02-09 16:30:28 UTC
All versions in the tree are fixed.
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-02-09 22:43:14 UTC
(In reply to Michael Palimaka (kensington) from comment #1)
> All versions in the tree are fixed.

Thanks :)

No stable version, setting noglsa. 

CVE request at . Bug can be closed once that is added