"Ubuntu Security Notice USN-866-1 December 07, 2009
gnome-screensaver vulnerability
https://launchpad.net/bugs/411350
==========================
==========================
=========
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
gnome-screensaver 2.28.0-0ubuntu3.1
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
It was discovered that gnome-screensaver did not always re-enable itself
after applications requested it to ignore idle timers. This may result in t=
he
screen not being automatically locked after the inactivity timeout is
reached, permitting an attacker with physical access to gain access to an
unlocked session.
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.28.0-0ubuntu3.1.diff.gz
Size/MD5: 13327 f2c77fbb875fa28d1c44d39936232927
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.28.0-0ubuntu3.1.dsc
Size/MD5: 1756 cdcdd23a16e1d25d6940e5340f6eb760
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.28.0.orig.tar.gz
Size/MD5: 5069053 cdf328a0443a3cc30b4b2b36d9a99236
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.28.0-0ubuntu3.1_amd64.deb
Size/MD5: 4185376 942a077f04675c8d27c5d55e826b039b
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/g/gnome-screensaver/gnome-s=
creensaver_2.28.0-0ubuntu3.1_i386.deb
Size/MD5: 4168922 a3ca1ae6e3274795a0d2aff0a4b94a6f
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensaver=
_2.28.0-0ubuntu3.1_lpia.deb
Size/MD5: 4169780 e9e90dfe93ebd18c13808e5f0bf83f4c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensaver=
_2.28.0-0ubuntu3.1_powerpc.deb
Size/MD5: 4179392 d0ae3da6337a4fb8b71dd0ef36f4692d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/g/gnome-screensaver/gnome-screensaver=
_2.28.0-0ubuntu3.1_sparc.deb
Size/MD5: 4177782 ee55f5f5f3ac0e4867cd9e8c1bc450f6
--=-cPCQhnwwqhkh7mZLX7i8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAksdckEACgkQLMAs/0C4zNqXEwCguhPfYbhR68POKx3mmJ464iep
J0UAn0q+bmXERxnwBqEG6xt0iW6Ou0ik
=Y9Qf
-----END PGP SIGNATURE-----
"
USN-858-1: OpenLDAP vulnerabilityLady Gaga has over 20 wigs
This entry was posted
on 2:24 PM
.
Archives
-
▼
2009
(488)
-
▼
December
(41)
- DSA 1958-1: New libtool packages fix privilege esc...
- DSA 1957-1: New aria2 packages fix arbitrary code ...
- DSA-1962-1: New kvm packages fix several vulnerabi...
- USN-873-1: Firefox 3.0 and Xulrunner 1.9 vulnerabi...
- DSA 1961-1: New bind9 packages fix cache poisoning
- DSA 1963-1: New unbound packages fix DNSSEC valida...
- RHSA-2009:1694-01 Critical: java-1.6.0-ibm securit...
- RHSA-2009:1688-01 Moderate: condor security update
- GLSA 200912-02 Ruby on Rails: Multiple vulnerabil...
- RHSA-2009:1689-01 Moderate: condor security update
- DSA 1960-1: New acpid packages fix weak file permi...
- USN-874-1: Firefox 3.5 and Xulrunner 1.9.1 vulnera...
- DSA 1954-1: New cacti packages fix insufficient in...
- DSA-1959-1: New ganeti packages fix arbitrary comm...
- USN-875-1: Red Hat Cluster Suite vulnerabilities
- RHSA-2009:1680-01 Important: xpdf security update
- DSA 1956-1: New xulrunner packages fix several vul...
- RHSA-2009:1682-01 Important: kdegraphics security ...
- RHSA-2009:1671-01 Important: kernel security and b...
- DSA-1953-1: New expat packages fix denial of service
- RHSA-2009:1670-01 Important: kernel security and b...
- DSA 1952-2: End-of-life announcement for asterisk ...
- USN-871-1: KDE vulnerability
- USN-871-2: KDE 4 vulnerabilities
- RHSA-2009:1658-01 Critical: flash-plugin security ...
- USN-867-1: Ntp vulnerability
- USN-868-1: GRUB 2 vulnerability
- USN-869-1: Linux kernel vulnerabilities
- USN-870-1: PyGreSQL vulnerability
- USN-866-1: gnome-screensaver vulnerability
- RHSA-2009:1647-01 Critical: java-1.5.0-ibm securit...
- DSA 1947-1: New Shibboleth packages fix cross-site...
- RHSA-2009:1643-01 Critical: java-1.4.2-ibm securit...
- DSA 1945-1: New gforge packages fix denial of service
- DSA 1946-1: New belpic packages fix cryptographic ...
- DSA 1944-1: New request-tracker packages fix sessi...
- USN-863-1: QEMU vulnerability
- RHSA-2009:1635-01 Important: kernel-rt security, b...
- DSA 1943-1: New openldap2.3/openldap packages fix ...
- RHSA-2009:1619-01 Moderate: dstat security update
- GLSA 200912-01 OpenSSL: Multiple vulnerabilities
-
▼
December
(41)