CVE-2015-8025 — xscreensaver - security update

Description

driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.

How to fix CVE-2015-8025

To remediate CVE-2015-8025, upgrade the affected package to a fixed version below.

Debian/xscreensaver—upgrade to 5.34-1 or later
Debian/xscreensaver—upgrade to 5.11-1+deb6u11 or later
Debian/xscreensaver—upgrade to 5.15-3+deb7u1 or later

Is CVE-2015-8025 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 5.34-1
from 0, < 5.11-1+deb6u11
from 0, < 5.15-3+deb7u1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-8025