CVE-2015-3213
First published: Mon Jun 01 2015(Updated: )
Ray Strode of Red Hat reports: Clutter contains APIs for recognizing finger and mouse movement based gestures. GNOME Shell uses these APIs to recognize when the user lifts the "screen shield" to initiate the screen unlock process (where a password would normally be entered). A bug in clutter's gesture handling code leads to a crash in some cases when the user performs gestures. This crash can lead to screen lock bypass. The bug was fixed upstream in clutter 1.16.2 External reference: <a href="https://bugzilla.gnome.org/show_bug.cgi?id=749847">https://bugzilla.gnome.org/show_bug.cgi?id=749847</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Clutter Project Clutter | <=1.16.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.gnome.org/show_bug.cgi?id=749847
- https://rhn.redhat.com/errata/RHSA-2015-1510.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1227098
- http://rhn.redhat.com/errata/RHSA-2015-1510.html
- https://bugzilla.gnome.org/show_bug.cgi?id=710227
- https://git.gnome.org/browse/clutter/commit/?h=clutter-1.18&id=97724939c8de004d7fa230f3ff64862d957f93a9
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-3213
- agent/weakness
- agent/author
- agent/severity
- agent/event
- agent/description
- agent/trending
- agent/tags
- agent/source
- vendor/clutter project
- canonical/clutter project clutter
- version/clutter project clutter/1.16.0