Headline
Debian Security Advisory 5501-1
Debian Linux Security Advisory 5501-1 - Mickael Karatekin discovered that the GNOME session locking didn’t restrict a keyboard shortcut used for taking screenshots in GNOME Screenshot which could result in information disclosure.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-5501-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
September 18, 2023 https://www.debian.org/security/faq
Package : gnome-shell
CVE ID : CVE-2023-43090
Debian Bug : 1052067
Mickael Karatekin discovered that the GNOME session locking didn’t
restrict a keyboard shortcut used for taking screenshots in GNOME
Screenshot which could result in information disclosure.
The oldstable distribution (bullseye) is not affected.
For the stable distribution (bookworm), this problem has been fixed in
version 43.6-1~deb12u2.
We recommend that you upgrade your gnome-shell packages.
For the detailed security status of gnome-shell please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gnome-shell
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmUIw3UACgkQEMKTtsN8
TjaVlw/+LUH83VpiNEc7iPjRxpLP2QdErxo/cPMoru4IWvjJ7keEQOpn9fRkrM2I
btv5UNYFtveKnIeP1y9mScq3J9P+LRTqkPP5rlnfj++0CkXcxjqNsOKcz9COktFN
i1z7+ZONPt1U1IMD/3nIvzYnyCbGS1Gy3ywW82lOtTfF7wrASSowfPF5BXgxU0Xn
WR2FCYcPK8FfceLvV/p53ri4LhJTL2524jYPj0NagKA2+Wy9Iz/1nEMhOLTbgW3C
w4ccf1LeUQhSI+IkeXJKW+ZJZErLp6behwz2xlVSLwpavZGMXABrS3/wBdlVX1nf
Szn5qyT8tnDhPNM/2QE5YVThF5Hg0DXG/hnlXYdyEE3bKjNSyj67ITlWDMayOW8C
+kBAw5N3W7WzU5R6vrKQrOZDLRsJICVpcZUYpE7OVOvbli9ACUdJygsWZSklhx3t
TOU2VS7FUuv93XrKDHLaBC3sTuqMr4tfpeflAYbYioav1nWZ+jLNiVZvBxuzVi+L
CZamJB4izz7bVrMrPeeyvkGDt1YSbJXEO/Ylddvo2e243IQ/PKtz87AkG052kwQU
H22yXJ2qgRtSqeB0kJc3Mwpp3/UH5ypP506rONtqj7Eit/YeEjXY0J+qY6wzPxw/
uPB2huzZae7Xz3PHAaZpUUZ5oRvrxoKoMtF4XcuzmaO5GBqciKo=BOC4
-----END PGP SIGNATURE-----
Related news
Ubuntu Security Notice 6395-1 - Mickael Karatekin discovered that GNOME Shell incorrectly allowed the screenshot tool to view open windows when a session was locked. A local attacker could possibly use this issue to obtain sensitive information.
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.