dx-packages team mailing list archive
-
dx-packages team
-
Mailing list archive
-
Message #43366
[Bug 1886770] [NEW] Computer is not locked after suspend
*** This bug is a security vulnerability ***
Public security bug reported:
Prerequisites:
1. Set up a password.
Steps to reproduce:
1. Click the gear wheel icon.
2. In the indicator menu, click "Suspend" item.
Expected behavior:
1. Computer goes to sleep mode.
2. After wake up, it is required to type the password to log in.
Actual behavior:
1. Computer goes to sleep mode.
2. After wake up, screen is not locked, it is possible to use session without the password.
Notes:
1. If a user suspend the system via shut down dialog box, the password is prompted.
2. The same vulnerability is present for hibernation mode if it is enabled.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: indicator-session 17.3.20+19.10.20190921-0ubuntu1
ProcVersionSignature: Ubuntu 5.4.0-26.30-generic 5.4.30
Uname: Linux 5.4.0-26-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu27
Architecture: amd64
CasperMD5CheckMismatches: ./pool/restricted/n/nvidia-graphics-drivers-390/nvidia-kernel-source-390_390.132-0ubuntu2_amd64.deb
CasperMD5CheckResult: skip
CasperVersion: 1.445
CurrentDesktop: MATE
Date: Wed Jul 8 05:46:24 2020
LiveMediaBuild: Ubuntu-MATE 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
ProcEnviron:
SHELL=/bin/bash
LANG=C.UTF-8
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
PATH=(custom, no user)
SourcePackage: indicator-session
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: indicator-session (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug focal
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of DX
Packages, which is subscribed to indicator-session in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1886770
Title:
Computer is not locked after suspend
Status in indicator-session package in Ubuntu:
New
Bug description:
Prerequisites:
1. Set up a password.
Steps to reproduce:
1. Click the gear wheel icon.
2. In the indicator menu, click "Suspend" item.
Expected behavior:
1. Computer goes to sleep mode.
2. After wake up, it is required to type the password to log in.
Actual behavior:
1. Computer goes to sleep mode.
2. After wake up, screen is not locked, it is possible to use session without the password.
Notes:
1. If a user suspend the system via shut down dialog box, the password is prompted.
2. The same vulnerability is present for hibernation mode if it is enabled.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: indicator-session 17.3.20+19.10.20190921-0ubuntu1
ProcVersionSignature: Ubuntu 5.4.0-26.30-generic 5.4.30
Uname: Linux 5.4.0-26-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu27
Architecture: amd64
CasperMD5CheckMismatches: ./pool/restricted/n/nvidia-graphics-drivers-390/nvidia-kernel-source-390_390.132-0ubuntu2_amd64.deb
CasperMD5CheckResult: skip
CasperVersion: 1.445
CurrentDesktop: MATE
Date: Wed Jul 8 05:46:24 2020
LiveMediaBuild: Ubuntu-MATE 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
ProcEnviron:
SHELL=/bin/bash
LANG=C.UTF-8
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
PATH=(custom, no user)
SourcePackage: indicator-session
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/indicator-session/+bug/1886770/+subscriptions
Follow ups
