lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 07 Dec 2009 16:23:17 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-866-1] gnome-screensaver vulnerability

===========================================================
Ubuntu Security Notice USN-866-1          December 07, 2009
gnome-screensaver vulnerability
https://launchpad.net/bugs/411350
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  gnome-screensaver               2.28.0-0ubuntu3.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

It was discovered that gnome-screensaver did not always re-enable itself
after applications requested it to ignore idle timers. This may result in the
screen not being automatically locked after the inactivity timeout is
reached, permitting an attacker with physical access to gain access to an
unlocked session.


Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1.diff.gz
      Size/MD5:    13327 f2c77fbb875fa28d1c44d39936232927
    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1.dsc
      Size/MD5:     1756 cdcdd23a16e1d25d6940e5340f6eb760
    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0.orig.tar.gz
      Size/MD5:  5069053 cdf328a0443a3cc30b4b2b36d9a99236

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1_amd64.deb
      Size/MD5:  4185376 942a077f04675c8d27c5d55e826b039b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1_i386.deb
      Size/MD5:  4168922 a3ca1ae6e3274795a0d2aff0a4b94a6f

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1_lpia.deb
      Size/MD5:  4169780 e9e90dfe93ebd18c13808e5f0bf83f4c

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1_powerpc.deb
      Size/MD5:  4179392 d0ae3da6337a4fb8b71dd0ef36f4692d

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensaver_2.28.0-0ubuntu3.1_sparc.deb
      Size/MD5:  4177782 ee55f5f5f3ac0e4867cd9e8c1bc450f6




Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ