document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

翻译完成 by linuhap

Browse Source
This commit is contained in:
linuhap 2014-05-08 21:17:42 +08:00
parent 61efb3152d
commit bf04f28caf
2 changed files with 42 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
sources/talk/Ubuntu Fixes Security Flaw in 14.04 LTS Lock Screen.md
View File

@ -1,44 +0,0 @@
linuhap翻译中
Ubuntu Fixes Security Flaw in 14.04 LTS Lock Screen
================================================================================
![](http://www.omgubuntu.co.uk/wp-content/uploads/2013/10/security-key.jpg)
**Canonical has patched a significant security flaw in Ubuntu 14.04 LTS — one that potentially allowed attackers to gain access to a user account without needing to enter a password. **
The [lock screen bypass][1] issue, for which a fix [has now been released][2], was reported on Launchpad earlier this week.
In it, it describes a method through which user accounts locked using the new Unity lock screen could be accessed without authorisation.
How? By right-clicking on the indicator applets until the Alt+F2 keyboard shortcut worked. From here, a would-be chancer could issue commands, open apps, access date, and even unlock the session by running the **compiz replace** command.
A video demo of the loophole [can be viewed on YouTube][3].
The hack was limited to exploit by someone with local access and could not be run remotely.
### Other Lockscreen Issues Patched ###
The new lock screen, for all its glitter, has been keeping Canonicals security team busy. The Bypass issue has not been the only flaw to have been discovered.
Just days before Ubuntu 14.04 LTS was due to be released, [another critical security issue][4], one which could force a computer to unlock by triggering any readily reproducible crash at the lock screen, was (as in this case, very quickly) fixed. Another shortcut-based loophole is [currently in the process of being fixed][5].
### Secure ###
With Ubuntu LTS releases favoured by many businesses, education institutions and enterprise the issues could have proven bad news. But, if anything, these issue have underline just how prompt Canonical is in responding to and fixing issues — which is hugely reassuring.
It also underlines just how astute the company has been in deciding to only prompt current LTS users to upgrade to 14.04 LTS as of July, when the first point release lands. This extra buffer period of three month gives the Ubuntu community and its super-hero pantheon of developers more time in which to detect and fix security issues such as these.
If youre running Ubuntu 14.04 LTS remember to check for and install updates often.
--------------------------------------------------------------------------------
via: http://www.omgubuntu.co.uk/2014/04/ubuntu-fixes-security-flaw-trusty-login-screen
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1313885
[2]:https://launchpad.net/ubuntu/trusty/+source/unity/7.2.0+14.04.20140423-0ubuntu1.1
[3]:https://www.youtube.com/watch?v=d4UUB0sI5Fc
[4]:https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572
[5]:https://bugs.launchpad.net/ubuntu/trusty/+source/unity/+bug/1314247

42
translated/talk/Ubuntu Fixes Security Flaw in 14.04 LTS Lock Screen.md Normal file
View File

@ -0,0 +1,42 @@
Ubuntu修复了14.04 LTS长期支持版上锁屏的安全漏洞
================================================================================
![](http://www.omgubuntu.co.uk/wp-content/uploads/2013/10/security-key.jpg)
**Canonical公司已经修补了Ubuntu 14.04 LTS上一个重大的安全漏洞 — 这个漏洞可能让攻击者不需要输入密码而获取一个用户账户。**
“[锁屏绕开][1]”问题在本周早些时候已经发表在了Launchpad上漏洞修复[现在已经发布][2]。
它描述了一种方法通过这个方法可以在没有授权的情况下访问那些使用新的Unity锁屏并处于锁屏状态的用户账户。
如何做呢右键点击指示器程序直到Alt+F2快捷键能奏效。这时你就可以发出命令打开程序访问日期甚至通过运行**compiz replace**‘命令打开会话。
漏洞演示的一个视频[可以在YouTube上看到][3]。
黑客仅限于利用本地访问,并不能远程运行。
### 其他锁屏问题的修复 ###
这个闪闪发光的新锁屏一直使Canonical的安全团队很忙。锁屏绕开问题并不是唯一被发现的漏洞。
就在前几天由于要发布Ubuntu 14.04 LTS[另一个重要的安全问题][4]被修复(在这种情况下,修复得非常快),这个漏洞可以在锁定的屏幕上通过触发任意一个容易可重复的崩溃强制电脑解锁。另一个基于快捷键的漏洞[当前正在修复的过程中][5]。
### 安全 ###
随着受很多商业教育机构和企业喜爱的Ubuntu LTS长期支持版的发布这些问题可能是坏消息。但是如果有问题的话这都显示Canonical公司在应对和修复问题上是多么迅速——这是非常让人放心的。
这也显示了七月份当第一个版本发布时,该公司在决定只提示当前长期支持版用户升级到 14.04 LTS 是多么机敏。这三个月的额外的缓冲时间给ubuntu社区和它的开发者的超级英雄殿堂更多时间去检测和修复安全问题比如以上这些问题。
如果你正在使用Ubuntu 14.04 LTS记得经常检查和安装更新。
--------------------------------------------------------------------------------
via: http://www.omgubuntu.co.uk/2014/04/ubuntu-fixes-security-flaw-trusty-login-screen
译者:[译者linuhap](https://github.com/linuhap) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1313885
[2]:https://launchpad.net/ubuntu/trusty/+source/unity/7.2.0+14.04.20140423-0ubuntu1.1
[3]:https://www.youtube.com/watch?v=d4UUB0sI5Fc
[4]:https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572
[5]:https://bugs.launchpad.net/ubuntu/trusty/+source/unity/+bug/1314247