Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 918713 (CVE-2023-43090)

Summary: <gnome-base/gnome-shell-45.0: lock screen bypass via screenshot tool
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: ajak, gnome, leio
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
Whiteboard: A4 [glsa? cleanup]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-28 22:41:47 UTC 
CVE-2023-43090:

A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.

Patch is at: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944

And is merged for 45.0. Backported in 44.5 as 23e24a4eb and 43.9 as 673e78457.

Please bump to 44.5.
Comment 1 Mart Raudsepp gentoo-dev 2024-03-09 18:38:03 UTC 
45.2 is stable
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-03-17 03:43:10 UTC 
Thanks.