Ubuntu
xlockmore package

xlock fails when called with DPMS disabled

Bug #944300 reported by James Rice
274
This bug affects 5 people
Affects Status Importance Assigned to Milestone
xlockmore (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

This also occur with xlock called remotely (through a thin client) because DPMS is not available. This has been fixed in Debian (Sid) all the details are available here:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630476

I believe that the inability to lock the screen under certain circumstances make this a security issue, but I could be wrong.

Revision history for this message
James Rice (james-rice2) wrote :

Changed to public, because it's not really "exploitable". This also causes xlock to fail when it is run in a Virtual Machine.

visibility: private → public
Revision history for this message
Tyler Hicks (tyhicks) wrote :

I was able to confirm this in Oneiric, with xlockmore 1:5.31-1, inside of a KVM guest. I had to use the vmvga video driver to see the failure below. xlock functions correctly when using the cirrus video driver.

X Error of failed request: BadMatch (invalid parameter attributes)
  Major opcode of failed request: 132 (DPMS)
  Minor opcode of failed request: 6 (DPMSForceLevel)
  Serial number of failed request: 269
  Current serial number in output stream: 272

Changed in xlockmore (Ubuntu):
status: New → Confirmed
Revision history for this message
MMlosh (mmlosh) wrote :

I just got mail that xlockmore will be purged in the next debian release.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690891

The reasons aren't detailed, I found only those:

There is one serious bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472076
But it doesn't really state WHAT should be fixed.

and one marked as CVE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=318123
That xlock doesn't seem to work with smartcards or something?

And then a few for-years running bugs, which don't seem hard to fix.
Like this one.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.