Headline
Ubuntu Security Notice USN-6395-1
Ubuntu Security Notice 6395-1 - Mickael Karatekin discovered that GNOME Shell incorrectly allowed the screenshot tool to view open windows when a session was locked. A local attacker could possibly use this issue to obtain sensitive information.
==========================================================================Ubuntu Security Notice USN-6395-1September 21, 2023gnome-shell vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04Summary:GNOME Shell could be made to expose sensitive information.Software Description:- gnome-shell: graphical shell for the GNOME desktopDetails:Mickael Karatekin discovered that GNOME Shell incorrectly allowed thescreenshot tool to view open windows when a session was locked. A localattacker could possibly use this issue to obtain sensitive information.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04: gnome-shell 44.3-0ubuntu1.1After a standard system update you need to reboot your computer to make allthe necessary changes.References: https://ubuntu.com/security/notices/USN-6395-1 CVE-2023-43090Package Information: https://launchpad.net/ubuntu/+source/gnome-shell/44.3-0ubuntu1.1
Related news
CVE-2023-43090: screenshot: Some fixes to shortcut handling (!2944) · Merge requests · GNOME / gnome-shell · GitLab
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
Debian Security Advisory 5501-1
Debian Linux Security Advisory 5501-1 - Mickael Karatekin discovered that the GNOME session locking didn't restrict a keyboard shortcut used for taking screenshots in GNOME Screenshot which could result in information disclosure.