Fedora has issued an advisory on October 12: https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141115.html The issue is supposed to be fixed upstream in 3.14.1. Patches are available from Fedora as well as upstream. Fedora fixed it with this patch: http://pkgs.fedoraproject.org/cgit/gnome-shell.git/plain/0001-shell-screenshot-Only-allow-one-screenshot-request-a.patch?h=f20&id=26538714913141f1e1ad529a08146a037cab750e Mageia 3 may also be affected. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
More information is in this oss-security thread: http://openwall.com/lists/oss-security/2014/09/29/17
Fedora patch checked into SVN for Mageia 4 (it applies cleanly). The patch does not apply for Mageia 3 (the .js file doesn't exist and only half the hunks go successfully in the .c file, the .h file it applies fine). Can anyone test and confirm the issue on Mageia 3?
CC: (none) => qa-bugs
OpenSuSE has issued an advisory for this today (November 3): http://lists.opensuse.org/opensuse-updates/2014-11/msg00005.html They patched gnome-settings-daemon. I've checked that patch into Mageia 4 SVN as well. For Mageia 3, it doesn't appear to be backportable because it depends on new fields that have since been added to the media_keys structs in shortcuts-list.h.
Summary: gnome-shell new security issue CVE-2014-7300 => gnome-shell, gnome-settings-daemon new security issue CVE-2014-7300Source RPM: gnome-shell-3.10.2.1-7.mga4.src.rpm => gnome-shell-3.10.2.1-7.mga4.src.rpm, gnome-settings-daemon-3.10.2-2.mga4.src.rpm
Dropping Mageia 3 from the whiteboard due to EOL: http://blog.mageia.org/en/2014/11/26/lets-say-goodbye-to-mageia-3/ Patched packages uploaded for Mageia 4. Advisory: ======================== Updated gnome-shell and gnome-settings-daemon packages fix security vulnerability: The lock screen in gnome-shell does not disable taking screenshots via the Print Screen key, and several consecutive screenshot requests can trigger an out-of-memory situation, causing the lock screen to be killed, thus allowing it to be bypassed (CVE-2014-7300). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7300 https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141115.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00005.html ======================== Updated packages in core/updates_testing: ======================== gnome-shell-3.10.2.1-7.1.mga4 gnome-shell-docs-3.10.2.1-7.1.mga4 gnome-settings-daemon-3.10.2-2.1.mga4 gnome-settings-daemon-devel-3.10.2-2.1.mga4 from SRPMS: gnome-shell-3.10.2.1-7.1.mga4.src.rpm gnome-settings-daemon-3.10.2-2.1.mga4.src.rpm
CC: qa-bugs => olavAssignee: olav => qa-bugsWhiteboard: MGA3TOO => (none)
Testing on Mageia4-64 realhardware With current packages : --------------------- ...and gdm as login manager (otherwise, I don't have lockscreen in gnome shell) # rpm -q gnome-shell gnome-shell-3.10.2.1-7.mga4 # rpm -q gnome-settings-daemon gnome-settings-daemon-3.10.2-2.mga4 When screen locked, using Print Screen key could take multiple screenshots that I found in my /home/Images folder (did not manage to kill the lock screen, maybe it requires more screenshots). With updated testing packages : ----------------------------- - gnome-settings-daemon-3.10.2-2.1.mga4.x86_64 - gnome-shell-3.10.2.1-7.1.mga4.x86_64 When screen locked, using Print Screen key didn't take screenshots, nothing in /home/Images folder. Could still print screen when screen active.
CC: (none) => olchal
Thanks Olivier. Adding the OK marker.
Whiteboard: (none) => MGA4-64-OK
Advisory uploaded.
Whiteboard: MGA4-64-OK => MGA4-64-OK advisory
Testing on Mageia4-32 real hardware With current packages : --------------------- gnome-shell-3.10.2.1-7.mga4 gnome-settings-daemon-3.10.2-2.mga4 could reproduce the issue. With updated testing packages : ----------------------------- gnome-shell-3.10.2.1-7.1.mga4 gnome-settings-daemon-3.10.2-2.1.mga4 solves the security problem. OK
Whiteboard: MGA4-64-OK advisory => MGA4-64-OK MGA4-32-OK advisory
Validating. Please push to updates Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0501.html
Status: NEW => RESOLVEDResolution: (none) => FIXED