lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <E1aILLw-0001lx-3d@alpha.psidef.org>
Date: Sun, 10 Jan 2016 14:08:36 -0500
From: Michael Gilbert <mgilbert@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3438-1] xscreensaver security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3438-1                   security@...ian.org
https://www.debian.org/security/                          Michael Gilbert
January 09, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xscreensaver
CVE ID         : CVE-2015-8025
Debian Bug     : 802914

It was discovered that unplugging one of the monitors in a multi-monitor
setup can cause xscreensaver to crash.  Someone with physical access to
a machine could use this problem to bypass a locked session.

For the oldstable distribution (wheezy), this problem has been fixed
in version 5.15-3+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 5.30-1+deb8u1.

For the testing (stretch) and unstable (sid) distributions, this problem
has been fixed in version 5.34-1.

We recommend that you upgrade your xscreensaver packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJWkdSSAAoJELjWss0C1vRz8f8gAKZVd93r5W9p1DzxjaKo0OCi
cIBnzsUrCi1m89yztrecnYORFAEc5KRMras50I5OcTNQzOqyY0nl9VzfDL4mRIfP
w3p1qyNDvh51+4Kjnrf3g+UxiwcvZg9Js+Y5wWGI5xMeGNyJO9nARi7E1gvHOxu5
mNoPaZTUiitxsYYR6qNliLWvqeK2DYL+cLHkzP9p14yLumlUpdML33xvgwnznUpH
UlgUCsXxvrPUYgmOACQN23WZ5ETsdj6ZKArGlpCvlx2769o+MziecICY0nYvV+St
KzWoFvf0CQ2JoyIKUcqWvCOl2ku14bSbIW5ySWHehvw+c9lSo/xbeYECUSXUf9d2
JoO0GPUwTCGGsXsDuTj+UxmzC+7qXOgutiMA6aXWGxWlvewy9+366GVgOqvkjOly
6/pNRVGX39xZAXdJR+jHuPldjF7iZx3v2R++Oc95nP94A3+RLksku0ZUIrG0mjli
tsfzyYzvjpxDEhS5ETn4V7aKqo0veYwuUCmFgzMjRpIKG3s+jMoO8BJmBb7FW6SR
EIyHvkhir7uVHG8ERJbAQxjWaBzqSOy45fDtasNSChhHZdH4NNzmFyY32Os7FjNF
lVIcXYaOKr+mhnDekYWGvGj+Fr08U+dJBPUztYuRS8MClIgED+y77867PovwyQdR
UM70qRYLpVDCkh46QZ/7dMEbCD5goeuJetshk90cyhl4WgRsyJMmcglIrGBi04aI
yK9JuuqPLesYrlgS+IlhNwhAGVlwrLFtj9vat/E5WckjiXN/fSuLyHxtt/lKLKsx
dxE889BHXrju7QzuCSH9KeGIpnm66CdWhIKn4SRZiaXjC6NbwHyNxalF/F9Xj6uy
q3hPzOXYddASQEH9Wyk1swlXk92uIGq8qo8fqOH9ANygcPEdFxCvSntweIrfqg6A
nJ6xBdW6aMKlLK1Tu/kq3pnIsUUz8tGIdzgYuOIucnbECIJl1SgG8O1XQXAvDx0G
kFVsuxnRJ/3f88+Y0PF1n50/90NCbXBYMQfky27R4xpQXDxppkfH2HYi1MEDXZiq
ZQQL5nm3ZbHprgVSQTrjiZ7E/lDv+g0iyd8EnUmTUi2BCOCPJqdW8+HvfKw74T7n
sDjAn+D6IDlk+qSZwVFMgzZVhOVK8dANQIOzH8Pb2VcTTVuA4SHsEyZ75lkvpXrt
76QnSPDEo+ItK6+4j2rrZ/Smsl6ujqr7ttPLKrb+/gH/0RlYfyY+NZ6auM27bTTY
eqgKvNM9apzppcX2piMf6OUKV/cMbl+XdWdq0xEgtRixBc/OzhSE+GTTySVriP7/
UeJinBxRZROJZMBzyavcd8hPX8iLpm9jp4PeyBoDaawUdbgxSc6hwjsVBDUQszY=
=k6lg
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ