Trisquel Mate Desktop (vulnerability)
- Vous devez vous identifier ou créer un compte pour écrire des commentaires
mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse.
I see Trisquel has currently version of mate desktop 1.20.1
does it still vulnerable because it is not updated much and above said all versions of mate less than 1.20.2 are vulnerable due to screensaver bug.
Thank you.
Yes, it appears to be vulnerable, as the package has not been updated since 2018. Most X11 screenlockers tend to have these issues.
https://blog.martin-graesslin.com/blog/2015/01/why-screen-lockers-on-x11-cannot-be-secure/
https://www.jwz.org/blog/2014/04/the-awful-thing-about-getting-it-right-the-first-time-is-that-nobody-realizes-how-hard-it-was/
Yes that is why I moved to KDE Plasma Triskel version :)
Thanks for your suggestions above.
- Vous devez vous identifier ou créer un compte pour écrire des commentaires